WordPress on a LEMP (Nginx) server is one of the best configurations for someone who wants to host and manage their own server.

Why Nginx?

Nginx is fast and can handle thousands of requests at once, which makes it a really good choice as a server.

Why WordPress?

WordPress powers almost 30% of the internet and is the most popular CMS. WordPress allows us to build a website in just 5 minutes and just a few clicks. To run WordPress (self-hosted version) one needs a hosting server that is fast and powerful.

Hosting Server

There are a lot of hosting providers from which you can choose, below are a few which we have tested and recommended.

Shared Hosting (Good for Beginners)

Bluehost

Cloud Hosting

DigitalOcean: Best Unmanaged Hosting ($100 Signup Bonus)
CloudWays: Best Managed Hosting

WordPress needs a server setup to run and in this guide, we will learn how to install WordPress on a LEMP stack (Linux (Ubuntu 21.04 or 20.04), Ngnix, MySQL/MariaDB, and PHP) on a DigitalOcean server.

DigitalOcean servers are known as Droplets (start at $0.007/hour or $5/month)

1GB of RAM
25GB of SSD storage space
1TB of bandwidth
1 unit of vCPU (virtual CPU) power

What is LEMP?

LEMP stands for Linux, Nginx, MySQL, and PHP (things needed to run WordPress on a server).

In this tutorial, we will install Ubuntu 21.04 or 20.04, Nginx, MariaDB, and PHP 8.1 but there are a lot of options available to set up a server. We recommend this server setup as:

Ubuntu 21.04 is the best OS for server setup
Nginx performs better at handling large traffic (Read Ngnix vs Apache and Ngnix vs Apache Practical considerations)
MariaDB (A Kinsta article to know about MySQL and MariaDB)
PHP 8.1 (the latest and fastest PHP version)

Step by Step installation guide for WordPress (LEMP) on DigitalOcean:

If you have not bought hosting yet use this DigitalOcean link to get $100 credit.

Create a droplet by clicking “Get Started with a Droplet”

On the Create droplet page select the following options:

Choose an image: Select Ubuntu 21.04 or 20.04
Choose a plan: Standard ($6 plan) is enough or choose according to your requirements.
Choose a datacenter region according to your target audience.
Select additional options: check IPv6.
Authentication: SSH is more secure.
Choose a hostname: Name of your droplet.

Finally, click on create a droplet. You will receive an email on your registered email address with a login and password.

These login credentials will be used to log in to the server. To do so click on the droplet name you just created, and then click on the Access Tab.

Now you will see the option “Launch Console”, click on it to access your droplet remotely.

A new tab will open up with terminal access. Now, will need to log in to the server as username “root” (username and password you received in the email).

Enter the password from the email and press enter. You will be prompted to set a new password (you need to remember the new password so store it somewhere secure).

Now that we have access to the server, will install Nginx, MySQL, and PHP on Ubuntu 18.04 or 20.04, which has already been installed on your Digitalocean server.

Note: All the commands that are to be used have a white or black background and commands are case-sensitive. Press Enter after typing the command to run.

First, we will update our system:

Check for updates:

sudo apt update

Update all the things for which an update was found:

sudo apt upgrade -y

A prompt will come up with options, and from that select “Keep the local version currently installed”.

sudo apt dist-upgrade

Time for some cleanup and reboot:

sudo apt autoclean && sudo apt autoremove

sudo reboot

Install MariaDB

sudo apt install mariadb-server -y

Secure the database.

sudo mysql_secure_installation

Now you will see the following questions

Enter current password for root (enter for none): Press Enter key
Set root password? [Y/n]: Y then Press Enter key
New password: password
Re-enter new password: password

If successful following prompt will be shown “Password updated successfully! Reloading privilege tables.. … Success!”

Answer the next 4 questions as Yes(Y).

Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

New Database Creation For WordPress

sudo mysql -u root -p

It will ask for a password, and enter the password you just created (remember password won’t be visible but it is being typed).

New Database and Privileges

Create a database named “wordpress”, you can change the name if you want.

create database wordpress;

Granting permissions of database “wordpress” to user “gaurav” with password “wUt7xg3K5DVWgP6P”. This is your password for the database “wordpress” and different from the MariaDB password.

grant all on wordpress.* to gaurav@new.yadavgaurav.com identified by 'wUt7xg3K5DVWgP6P';

flush privileges;

exit;

Install PHP and other modules for WordPress.

sudo apt install software-properties-common

sudo add-apt-repository ppa:ondrej/php

sudo apt update && sudo apt upgrade -y

sudo apt install php-fpm php-common php-mysql php-xml php-xmlrpc php-curl php-gd php-imagick php-cli php-dev php-imap php-mbstring php-soap php-zip php-bcmath -y

Secure PHP-FRM

PHP-FRM by default allows executing PHP file which is not on the server (this can be used for hacking), so we need to disable this option.

This can be done manually by php.in (located in /etc/php/7.4/fpm/php.ini) or by running the following command:

ls /etc/php/

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/8.1/fpm/php.ini

Restart PHP-FRM:

systemctl restart php8.1-fpm.service

Install NGINX

sudo apt install nginx -y

To check if NGINX was successfully installed, visit your server IP address. The IP address for your server can be found by clicking on the droplet name. The IPv4 value is your IP address as shown in the image below.

Note down the IPv4 value as will use it again.

You will be greeted with a “Welcome to NGNIX” screen if NGNIX was installed successfully.

Now we need to assign proper permissions:

chown -R www-data:www-data /var/www/yadavgaurav

sudo chmod -R 755 /var/www/yadavgaurav

Firewall and Security:

ufw enable

ufw allow ssh

ufw app info “Nginx Full”

ufw allow ‘Nginx Full’

To check ufw is properly configured run the following command:

ufw status

The result should be something like this:

service nginx restart

Nginx Server Block

Now we need to configure Ngnix Server Block to properly point our domain and PHP configurations.

A server block in Ngnix is used to divide and separate configuration details and host more than one domain off of a single server.

If you want to understand Ngnix Server Block in details following link will be helpful:

We will first delete the default files:

rm /etc/nginx/sites-available/default

rm /etc/nginx/sites-enabled/default

Now we need to create new block files:

cd /etc/nginx/sites-available/

nano example-com

This will create example-com (you can use a name more relevant to your domain) and open a file editor as nano is a file editor in ubuntu.

server {
listen 80;
root /var/www/yadavgaurav;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 0;

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;

location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}

location ~* .(css|gif|ico|jpeg|jpg|js|png|webp)$ {
expires 1y;
log_not_found off;
}

location ~ \.user\.ini$ {
deny all;
}

# Enable Gzip compression.
gzip on;

# Disable Gzip on IE6.
gzip_disable "msie6";

# Allow proxies to cache both compressed and regular versions of the file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;

# Compress data, even when the client connects through a proxy.
gzip_proxied any;

# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;

# Compress the following MIME types.
gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/ld+json
	application/manifest+json
	application/rss+xml
	application/vnd.geo+json
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/bmp
	image/svg+xml
	image/x-icon
	text/cache-manifest
	text/css
	text/plain
	text/vcard
	text/vnd.rim.location.xloc
	text/vtt
	text/x-component
	text/x-cross-domain-policy;
}

To save the file Press CTRL+O and Enter the key, then press CTRL+X.

Create Symbolic Links:

ln -s /etc/nginx/sites-available/example-com /etc/nginx/sites-enabled/

sudo nginx -t

service nginx restart

systemctl restart php7.4-fpm.service

systemctl restart mysql

apt-get update

Now it’s time to update your DNS setting, to do so login into your domain registrar (Godaddy, Bluehost, Namecheap, etc.) and change name servers.

ns1.digitalocean.com

ns2.digitalocean.com

ns3.digitalocean.com

Now add your domain to your droplet and add the following records.

A record from example.com which points to server IP

Record type: A
HOSTNAME: @
WILL DIRECT TO: Server IP (IPv4)
Click “Create Record”

Record type: A
HOSTNAME: www
WILL DIRECT TO: Server IP (IPv4)
Click “Create Record”

Install Let’s Encrypt SSL Certificate

add-apt-repository ppa:certbot/certbot

apt-get update

apt-get install python-certbot-nginx

certbot –nginx -d example.com -d www.example.com

Install WordPress

The following command will install WordPress in “html” directory, you can change it if you want but the directory should be inside the “www” directory.

cd /var/www/yadavgaurav

wget https://wordpress.org/latest.tar.gz

tar -xvzf latest.tar.gz

mv -v wordpress/* /var/www/yadavgaurav

rm -rf index.nginx-debian.html latest.tar.gz wordpress

chown -R www-data:www-data /var/www/

sudo chmod -R 755 /var/www

We are done with the server configuration.

Visit your domain address (example.com) and you will see the WordPress famous 5 mins install.

When you click on “Let’s Go” it will ask for database information we created with “grant all on wordpress.* to gaurav@new.yadavgaurav.com identified by ‘wUt7xg3K5DVWgP6P’;”. The database Name is “wordpress”, Username is “gaurav” and the password is “wUt7xg3K5DVWgP6P”.

Run the installation and create an admin username and password. We are all done, your website is now up and running.

Optional Configuration

PHP Configuration for running WordPress smoothly:

File location /etc/php/7.4/fpm/php.ini

max_execution_time Change 30 to 300
max_input_time Change 60 to 600
memory_limit Changeset to 128M to 256M
post_max_size Change 8M to 64M
upload_max_filesize Change 2M to 32M

Restart PHP-FRM and NGNIX

sudo service php7.4-fpm reload

sudo service nginx reload

Installing Another Website On the Same Server

For this we need to create a new directory in /var/www/

cd /var/www/

mkdir examplenew

wget https://wordpress.org/latest.tar.gz

tar -xvzf latest.tar.gz

mv -v wordpress/* /var/www/examplenew

rm -rf index.nginx-debian.html latest.tar.gz wordpress

chown -R www-data:www-data /var/www/examplenew

sudo chmod -R 755 /var/www/examplenew

Create a new server block