A Step-by-Step Guide to Launching a WordPress Site on a VPS (and Troubleshooting Common Errors)

Launching a new website on a Virtual Private Server (VPS) is a rewarding process, but it can be filled with small hurdles. This guide summarizes my real-world journey from a blank server to a fully functional, secure website, complete with a domain name and an SSL certificate.

As a backgrounder, I have a food site where I post recipes. Unlike this site (oxrommel.dev) that uses Hugo, it is using Wordpress. But very much like this site though, it also doesn’t make any money. haha! :) :) :)

The annual subscription for my prior VPS is up and I decided to move the food site to another VPS which has better specs for lesser price. So, below is what I did setting up the new VPS.

1. Updating and Securing The New VPS

Most VPSes usually come with a free Linux OS (Windows VPSes are usually higher in price because of the additional license cost). Mine came with AlmaLinux. I normally use Ubuntu as my Linux OS but decided to try AlmaLinux ver 8 instead this time around. Surprisingly, it’s quite smooth (from an install perspective) and better imho. Will be moving my other VPSes to Alma in the future.

Before installing any applications, it’s crucial to perform some initial security steps. This protects your server from unauthorized access and ensures all your software is up to date. 🔒

Step 1.1: Update Your System

Your first command after logging in should always be to update the system. This ensures you have the latest security patches and bug fixes. In AlmaLinux, you do the below:

sudo dnf update -y

Step 1.2: Create a New User and Secure Access

Logging in and performing daily tasks as the root user is risky. A single mistake can break your entire system. The best practice is to create a new user with administrative privileges and then disable root login.

1. Create the new user: The adduser command creates the user, but you must set the password separately on AlmaLinux.

   sudo adduser your_username
   sudo passwd your_username
   

2. Give the new user sudo privileges: Add the user to the wheel group, which provides sudo access on AlmaLinux.

   sudo usermod -aG wheel your_username
   

3. Disable root login: After you’ve logged in as your new user, edit the SSH configuration file to prevent direct logins from root.

   sudo nano /etc/ssh/sshd_config
   

   Change the line #PermitRootLogin yes to PermitRootLogin no. Then, restart the SSH service to apply the change.

   sudo systemctl restart sshd
   

Step 1.3: Configure the Firewall

A firewall is your server’s first line of defense. AlmaLinux uses firewalld to manage rules. By default, it’s configured to be secure, but you’ll need to open ports for the services you want to run.

1. Check the firewall status:

   sudo systemctl status firewalld
   

   If it’s not active, enable it:

   sudo systemctl enable --now firewalld
   

2. List open services and ports:

   sudo firewall-cmd --list-services
   sudo firewall-cmd --list-ports
   

   You will likely see ssh already listed.
3. Open new services: To allow web traffic, you need to open the http and https services.

   sudo firewall-cmd --permanent --add-service=http
   sudo firewall-cmd --permanent --add-service=https
   sudo firewall-cmd --reload
   

   The --reload command applies the changes immediately.

2. Setting Up the Foundation: The LAMP Stack

The first step in our journey was to install a LAMP stack, which stands for Linux, Apache, MariaDB, and PHP. This is the essential software that turns your server into a web host.

• Linux: Your AlmaLinux operating system.
• Apache: The web server that serves your website files to visitors.
• MariaDB: The database where WordPress stores all its content.
• PHP: The programming language that WordPress is built on.

With these components installed, your server is ready to run a website. The next step is to configure it to serve your specific site. Here is a breakdown of how to install and configure each component.

Step 2.1: Install and Enable the Core Components

We’ll use the dnf package manager to install the necessary software.

• Apache (Web Server):

  sudo dnf install httpd -y
  

  After installation, you need to enable and start the Apache service. This ensures the web server is running and will start automatically after a reboot.

  sudo systemctl enable --now httpd
  

• MariaDB (Database Server):

  sudo dnf install mariadb-server -y
  

  Like Apache, MariaDB needs to be enabled and started.

  sudo systemctl enable --now mariadb
  

• PHP (Programming Language): We installed a more recent version of PHP from the Remi repository.

  1. Install the EPEL and Remi repositories:

     sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
     sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
     

  2. Install the latest PHP version from Remi (e.g., PHP 8.2) along with the necessary MySQL extension for WordPress:

     sudo dnf module reset php
     sudo dnf module install php:remi-8.2 -y
     sudo dnf install php-mysqlnd -y
     

  3. After installing PHP and its extensions, you must restart Apache for the changes to take effect.

     sudo systemctl restart httpd
     

Step 2.2: Secure MariaDB

By default, MariaDB is insecure. A dedicated script is provided to secure the installation.

• Run the script:

  sudo mysql_secure_installation
  

• Follow the prompts to:
  • Set a strong root password for the database.
  • Remove anonymous users.
  • Disallow remote root login.
  • Remove the test database.
  • Reload privileges.

Step 2.3: Create a Database and User for WordPress

WordPress needs a dedicated database and user account to function.

• Log in to the MariaDB shell:

  sudo mysql -u root -p
  

  (Enter the password you just created)
• Create the database (replace your_database_name):

  CREATE DATABASE your_database_name;
  

• Create the user (replace your_username and your_password):

  CREATE USER 'your_username'@'localhost' IDENTIFIED BY 'your_password';
  

• Grant privileges to the new user and flush privileges:

  GRANT ALL PRIVILEGES ON your_database_name.* TO 'your_username'@'localhost';
  FLUSH PRIVILEGES;
  

• Exit the shell:

  EXIT;
  

3. Creating an Apache Virtual Host

For Apache to know where to find your website files, you need to create a Virtual Host configuration file. This file tells Apache which directory to serve for your domain. We named our file yoursite.com.conf and placed it in the /etc/httpd/conf.d/ directory.

1. Create the file in the virtual hosts directory. Use the .conf extension for the file name (replace yoursite.com):

   sudo nano /etc/httpd/conf.d/yoursite.com.conf
   

   Copy and paste the following configuration into the file. Be sure to replace yoursite.com with your actual domain name and your email address.

   <VirtualHost *:80>
       ServerName yoursite.com
       ServerAlias www.yoursite.com
       DocumentRoot /var/www/yoursite.com/public_html
       ErrorLog /var/www/yoursite.com/error.log
       CustomLog /var/www/yoursite.com/requests.log combined
   
       <Directory /var/www/yoursite.com/public_html>
           Options Indexes FollowSymLinks
           AllowOverride All
           Require all granted
       </Directory>
   </VirtualHost>
   

A critical setting in this file is the DocumentRoot directive, which points to the location of your WordPress files. Another is the <Directory> block, which must have AllowOverride All to allow WordPress to use its .htaccess file for permalinks.

4. The WordPress Installation Process 🖥️

With your LAMP stack and virtual host configured, you are ready to install WordPress. This process involves downloading the files, setting permissions, and linking them to your database.

Step 4.1: Download and Extract the Files

First, download the latest version of WordPress to a temporary directory on your server.

1. Navigate to the /tmp/ directory.

   cd /tmp
   

2. Download the latest WordPress archive.

   wget https://wordpress.org/latest.tar.gz
   

3. Extract the archive, which will create a wordpress folder.

   tar -zxvf latest.tar.gz
   

   If you get an error because you don’t have tar. The command to install tar is: sudo dnf install tar -y

4. Move the contents of the wordpress folder to your website’s public_html directory.

   sudo mv /tmp/wordpress/* /var/www/yoursite.com/public_html/
   

Step 4.2: Set File Permissions

This is a critical security step. You must give the web server (the apache user) ownership and write permissions over the WordPress files so it can handle updates, themes, and plugins.

1. Change the ownership of the files and folders to the apache user.

   sudo chown -R apache:apache /var/www/yoursite.com/
   

2. Set the correct file permissions to allow Apache to write to the folders.

   sudo chmod -R 775 /var/www/yoursite.com/
   

Step 4.3: Configure WordPress

Now, you’ll tell WordPress how to connect to the database you created earlier.

1. Navigate to your site’s public_html directory.

   cd /var/www/yoursite.com/public_html/
   

2. Copy the sample configuration file.

   sudo cp wp-config-sample.php wp-config.php
   

3. Open the file in a text editor to edit it.

   sudo nano wp-config.php
   

4. Find the database settings and fill in your database name, username, and password.

   // ** MySQL settings - You can get this info from your web host ** //
   /** The name of the database for WordPress */
   define( 'DB_NAME', 'your_database_name' );
   
   /** MySQL database username */
   define( 'DB_USER', 'your_username' );
   
   /** MySQL database password */
   define( 'DB_PASSWORD', 'your_password' );
   
   /** MySQL hostname */
   define( 'DB_HOST', 'localhost' );
   

5. Save the file and exit the editor.

   Your WordPress site is now configured.

6. Run the WordPress Installer

   I use a Windows computer. Not sure if this works on a Mac. You can “trick” your computer into visiting the site by editing your local hosts file. This file manually maps a domain to an IP address, allowing you to test your site without affecting how other people view it. The hosts file is usually located in C:\Windows\System32\drivers\etc.

   At the bottom of the file, add a new line with your VPS IP address, a space, and then your domain name (e.g., 123.45.67.89 yoursite.com). You should also add a line for the www subdomain.

   # For your new VPS
   123.45.67.89  yoursite.com
   123.45.67.89  www.yoursite.com
   

   Now, open your web browser and navigate to your domain name (e.g., http://yoursite.com). Your computer will use the hosts file to find your VPS, and you will be greeted by the WordPress welcome screen.

   From here, simply follow the prompts to:

   Select your language.
   
   Enter your site's title.
   
   Create a username and a strong password for your admin account.
   

   Once you complete this, your WordPress site will be fully installed and ready to use!

5. Troubleshooting Permalinks and mod_rewrite

An issue I encountered and a common issue with new WordPress installations is a broken permalink structure, which often points to the mod_rewrite module not being properly enabled.

To check if mod_rewrite is enabled on your Apache server, you can use the command line:

sudo apachectl -M

If you see rewrite_module (shared) in the output, the module is loaded. In our case, the issue wasn’t the module itself but a simple typo in the directory path within the virtual host configuration file. A small error like this can cause a cascade of problems.

The fix was to correct the typo and restart Apache to apply the changes:

sudo systemctl restart httpd

6. Pointing Your DNS to the New Server 🌎

Once the site was working on the server, the next step was to point the domain name to the new VPS. Since we were using Cloudflare, this was done directly in the Cloudflare dashboard.

1. Log in to your Cloudflare account.
2. Go to the DNS app.
3. Edit the existing A records for your domain (@ and www) and enter your VPS’s IP address in the Value field.
4. Critical Step: For the initial setup, click the orange cloud icon 🍊 to disable the Cloudflare Proxy and turn it gray. This ensures traffic goes directly to your server, which is essential for obtaining an SSL certificate.

7. Installing the SSL Certificate with Certbot 🔐

Before you can safely enable HTTPS, your server must have a valid SSL certificate. We used Certbot with Let’s Encrypt to automate this process.

1. Install Certbot: Install the core utility and the Apache plugin.

   sudo dnf install certbot python3-certbot-apache -y
   

2. Run Certbot: Run the command to automatically request and install the certificate.

   sudo certbot --apache
   

   Certbot will guide you through the process, asking for your email and confirming the domains you want to secure.

8. Correcting a WordPress Redirect Loop

After Certbot was installed, we ran into a common issue: a redirect loop. This happens when you change the WordPress Site URL from http to https before your server is fully configured to handle secure traffic. To fix this, we updated the database directly via the command line.

1. Log in to the MariaDB shell.

   sudo mysql -u root -p
   

2. Select your WordPress database.

   USE your_database_name;
   

3. Update the siteurl and home options back to http.

   UPDATE wp_options SET option_value = 'http://yoursite.com' WHERE option_name IN ('siteurl', 'home');
   

4. Exit the shell.

Once the WordPress URLs were back to http, the site loaded correctly. We then went back to the WordPress dashboard and changed the URLs to https.

After this final step, your site should be fully functional and secure! You can then go back to Cloudflare and re-enable the proxy for performance and security.