WordPress is a popular and free open-source content management system (CMS) used worldwide. Known for its flexibility, it serves as a powerful platform for a variety of purposes such as blogging, portfolio sites, and eCommerce platforms. WordPress typically employs Apache or Nginx as its web server, MariaDB/MySQL as its database, and PHP for processing. Additionally, WordPress offers a plethora of themes and plugins that allow customization to enhance its features and functionality.
In this comprehensive guide, we will walk you through the steps to install WordPress with Nginx on a CentOS 8 server, and show you how to secure your setup using a free Let’s Encrypt SSL certificate.
Prerequisites
- A server running CentOS 8.
- Root password configured on your server.
- A valid domain name directed to your server’s IP address.
Getting Started
To begin, it’s necessary to disable SELinux as it is enabled by default on a CentOS 8 server.
Edit the /etc/selinux/config file:
nano /etc/selinux/config
Update the following line:
SELINUX=disabled
Save the file and then restart your server to apply the changes.
Install LEMP Server
Before proceeding, ensure Nginx, MariaDB, PHP, and other necessary packages are installed on your server. Execute the following command:
yum install nginx php php-cli php-curl php-zip php-mbstring php-mysqlnd php-fpm curl unzip mariadb-server -y
After installation, start the services for Nginx, PHP-FPM, and MariaDB, and enable them to start automatically upon system reboot:
systemctl start nginx systemctl enable nginx systemctl start mariadb systemctl enable mariadb systemctl start php-fpm systemctl enable php-fpm
Verify the status of the PHP-FPM service using:
systemctl status php-fpm
The output should resemble this:
? php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2019-10-17 05:39:11 EDT; 4min 40s ago
Main PID: 1475 (php-fpm)
Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 6 (limit: 5060)
Memory: 28.5M
CGroup: /system.slice/php-fpm.service
??1475 php-fpm: master process (/etc/php-fpm.conf)
??1478 php-fpm: pool www
??1479 php-fpm: pool www
??1480 php-fpm: pool www
??1481 php-fpm: pool www
??1482 php-fpm: pool www
Oct 17 05:39:10 centos8 systemd[1]: Starting The PHP FastCGI Process Manager...
Oct 17 05:39:11 centos8 systemd[1]: Started The PHP FastCGI Process Manager.
Upon completion, proceed to the next section.
Configure WordPress Database
The default MariaDB server installation isn’t secure. Secure it with:
mysql_secure_installation
Answer the prompts as follows:
Enter current password for root (enter for none): Set root password? [Y/n] n Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
The expected output should be:
Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
Log in to the MariaDB shell:
mysql -u root -p
Enter your root password when prompted and create a WordPress database and user:
CREATE DATABASE wpdb; GRANT ALL PRIVILEGES on wpdb.* to 'wpuser'@'localhost' identified by 'password';
Flush privileges and exit:
FLUSH PRIVILEGES; EXIT;
After configuring your database, move on to the next step.
Download WordPress
Download the latest WordPress version with:
cd /var/www/html wget https://wordpress.org/latest.tar.gz
Then, extract the downloaded file:
tar -xvzf latest.tar.gz
Change ownership of the WordPress directory to nginx:
chown -R nginx: /var/www/html/wordpress/
Enter the WordPress directory and rename the default configuration file:
cd /var/www/html/wordpress cp wp-config-sample.php wp-config.php
Edit the wp-config.php file:
nano wp-config.php
Update the database information:
/** The name of the database for WordPress */ define( 'DB_NAME', 'wpdb' ); /** MySQL database username */ define( 'DB_USER', 'wpuser' ); /** MySQL database password */ define( 'DB_PASSWORD', 'password' ); /** MySQL hostname */ define( 'DB_HOST', 'localhost' );
Save and close the file upon completion.
Configure Nginx for WordPress
Next, create an Nginx virtual host configuration file for WordPress:
nano /etc/nginx/conf.d/wordpress.conf
Insert the following configurations:
server {
listen 80;
server_name example.com;
root /var/www/html/wordpress;
index index.php;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires max;
log_not_found off;
}
}
Save and close the file. Verify the Nginx configuration for syntax errors:
nginx -t
The expected output is:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, restart the Nginx service to apply changes:
systemctl restart nginx
Access WordPress Dashboard
With WordPress installed and configured, you can now access the web interface.
Open your web browser, navigate to http://example.com, and you should be greeted by this page:
Fill in your site information such as site name, admin username, password, and admin email, then click on the Install WordPress button. Upon installation completion, you should see this page:
Click the login button to access the WordPress login page:
Enter your admin username and password, then click Log In to see the WordPress dashboard:
Secure WordPress with Let’s Encrypt
To secure your WordPress site using Let’s Encrypt SSL, you first need to install the Certbot client. Note that Certbot is not available in CentOS 8 repositories by default. To install it, follow these steps:
Download and install Certbot using the commands:
wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chown root /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto
Execute the command to obtain and install an SSL certificate:
certbot-auto --nginx -d example.com
You will be prompted to provide an email address and agree to the terms of service, and decide whether to redirect HTTP traffic to HTTPS. Choose appropriately and press Enter. On successful installation, you will see:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2019-08-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Set Up Let’s Encrypt Automatic Renewal
Let’s Encrypt certificates are valid for 90 days, requiring renewal before expiration. Automate this with a cron job:
Create a cron job with:
crontab -e
Add this line:
0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew
Save and close the file.
Conclusion
This tutorial guided you through the steps to install and configure WordPress with Nginx on a CentOS 8 server while securing it with a Let’s Encrypt free SSL certificate. You should now be capable of hosting your WordPress website efficiently.
Frequently Asked Questions (FAQ)
- Why disable SELinux on CentOS 8 before installing WordPress?
SELinux could potentially interfere with the installation of certain web services due to its security policies. Disabling it temporarily ensures a smoother installation. - What is the purpose of setting up a LEMP server?
The LEMP stack (Linux, Nginx, MySQL/MariaDB, PHP) provides an efficient and scalable environment to host WordPress, catering to various web application needs. - Is it mandatory to use Let’s Encrypt for SSL?
No, while Let’s Encrypt offers free SSL certificates and is widely used, you can opt for other SSL certificate providers based on your security requirements. - Can WordPress themes and plugins impact server performance?
Yes, heavy or poorly optimized themes and plugins can slow down your site. It is crucial to use lightweight and well-maintained themes and plugins. - What should I do if I encounter issues during WordPress installation?
Check server logs, ensure all prerequisite packages and dependencies are installed, and that all configurations are correctly set.