Low Orbit Flux Logo 2 D

WordPress Setup and Install

Wordpress is an incredibly popular CMS. It makes building websites really easy. We’re going to show you how to install and setup WordPress. Wordpress isn’t for everybody. We’re also going to help you decide what is right for you.

  • easy
  • point and click once you have it setup
  • supported by most hosting providers
  • widely use
  • loads of nice plug-ins
  • can be insecure if you aren't careful
  • slow
  • includes a database as an extra level of complexity
  • more effort to backup


Prerequisites Before Installing Wordpress

For this guide we’re assuming the following:

Actual Setup

Setup Database for WordPress:

mysql -u root -p

GRANT ALL ON WordPress.* TO 'WordPressuser'@'localhost' IDENTIFIED BY 'password';

Install extra PHP extensions that WordPress uses:

sudo apt-get update
sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc
sudo systemctl restart apache2

Enable .htaccess overrides:

sudo vi /etc/apache2/apache2.conf

<Directory /var/www/html/>
    AllowOverride All

Enable mod_rewrite so that WordPress permalinks will work:

sudo a2enmod rewrite
sudo apache2ctl configtest

Download latest WordPress:

cd /tmp
curl -O https://WordPress.org/latest.tar.gz
tar xzvf latest.tar.gz

Place holder .htaccess:

touch /tmp/WordPress/.htaccess
chmod 660 /tmp/WordPress/.htaccess

Copy over sample config:

cp /tmp/WordPress/wp-config-sample.php /tmp/WordPress/wp-config.php

So WordPress doesn’t run into trouble doing this itself later on when it tries to upgrade:

mkdir /tmp/WordPress/wp-content/upgrade

Copy to web root, include hidden files, preserve permissions:

sudo cp -a /tmp/WordPress/. /var/www/html
sudo chown -R user1:www-data /var/www/html

Set the setgid bit so that files created in these dirs will in inherit their group ownership and not just use the current users group:

sudo find /var/www/html -type d -exec chmod g+s {} \;

Group Write access for theme and plugin changes:

sudo chmod g+w /var/www/html/wp-content
sudo chmod -R g+w /var/www/html/wp-content/themes
sudo chmod -R g+w /var/www/html/wp-content/plugins

Generate secret keys:

curl -s https://api.WordPress.org/secret-key/1.1/salt/

Copy and paste these keys inside your WordPress config file:

vi /var/www/html/wp-config.php

The existing/placeholder keys you need to replace look like this:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

Add our DB settings to the config file and configure WordPress to write the the FS directly:

vi /var/www/html/wp-config.php

define('DB_NAME', 'WordPress');
define('DB_USER', 'WordPressuser');
define('DB_PASSWORD', 'password');
define('FS_METHOD', 'direct');

Login through the web interface:


WARNING - People will be scanning your site for WordPress vulnerabilies before WordPress is even installed. As soon as you have your webserver running, people will start scanning.

You might want to configure how permalinks work or install a theme:


The upgrads aren’t too bad. We just have a couple extra steps to make things more secure.

Add some temporary permissions:

sudo chown -R www-data /var/www/html

sudo chown -R sammy /var/www/html

That is pretty much it. WordPress is installed and you are ready to start creating content. How to actually use WordPress after installation is another story.

Your Done!

but not really… keep reading…

We strongly recommend that you secure your WordPress site. WordPress is notorious for getting hacked. Don’t ruin all your hard work by becoming a statistic. Keep reading.

WordPress Security

WARNING - People will be scanning your site for WordPress vulnerabilities before WordPress is even installed. As soon as you have your webserver running, people will start scanning.

Why Security is Important

We’re going to build an entire new section of this guide focused on security. For now just follow this guide.

Affiliate Disclosure statement We receive compensation for promoting many of these hosting services.