WordPress is a web publishing software you can use to create your own website or blog. Since it was released in 2003, WordPress has become one of the most popular web publishing platforms. Today it powers nearly 30 percent of the entire web from personal blogs to some of the biggest news web sites on the internet.
But many people don’t realize that WordPress is much more just a blogging tool. It’s actually a highly flexible content management system (CMS) that enables you to build and manage your own website using only your web browser. Best of all, it’s completely FREE.
That’s because WordPress is an Open Source project. That means that hundreds of volunteers from all around the world are continually creating and improving the code for the WordPress software. And, there are thousands of plugins, widgets, and themes that enable you to build just about any type of website you can imagine.
In addition to what comes on a regular Ubuntu 16.04 Droplet, the WordPress One-click image contains the following components:
- Apache: The most widely used web (HTTP) server.
- MySQL: A commonly used open-source relational database.
- PHP: PHP language support.
These components comprise what is known as the LAMP stack, a group of open-source software that is typically installed together to enable a server to host dynamic websites like WordPress. This term is actually an acronym which represents the Linux operating system, with the Apache webserver. eThe site data is stored in a MySQL database, and dynamic content is processed by PHP.
Additionally, to improve security, the following components are included:
- UFW: A program to simplify the management of a firewall.
- fail2ban: A service that automatically updates your firewall configuration to block attackers.
In this tutorial, we’ll create a WordPress One-click Droplet, then explain how to configure your WordPress site, including how to configure the domain, where the MySQL password can be found, and how to access the MySQL database.
Step 1 — Creating A WordPress Droplet
To create a WordPress Droplet from the DigitalOcean Control Panel, open the Create menu and select Droplets:
This takes you to the Create Droplets page, where you can customize your settings before creating your WordPress Droplet. How to Create your First Droplet describes each choice in detail. Below, we’ll highlight critical parameters:
choose an image:
You’ll need to switch from the Distributions tab to the One-click apps:
Once there, change to One-click apps tab, then locate WordPress:
Click WordPress to select it as the image.
Once the image is highlighted, you can accept the defaults or adjust settings according to your use case. We recommend the following changes:
Choose a size
Choose whatever size you need here. Note that WordPress One-Click Droplets require 1GB of RAM or more, so first available plan begins at 1GB.
Choose a datacenter region
Generally, choose the data center closest to your user base.
Select additional options
We recommend that you select Monitoring, a free service that will help you follow Droplet resource usage over time. You may also want to consider enabling automated backups. You can allow this now or anytime in the future.
Choose a hostname
You can make it easier to identify the Droplet by naming “WordPress” or by calling it after the site you plan to host.
When you’ve made your choices, click Create.
Once the Droplet is created, its address will be displayed:
Click the address to copy it to your clipboard. In the next step, we’ll use this to view the WordPress site.
Step 2 — Checking the Placeholder Page
Open a web browser and paste the Droplet’s IP address into the location bar to visit your new site. Until you log in with SSH, the following page will appear:
This security measure has been put in place to protect the initial configuration of WordPress, in which the administrative user is set up.
You can safely leave the installation in this state until you are ready to configure WordPress.
Step 3 — Accessing the Droplet via SSH to Enable Configuration
To remove the placeholder web page, connect to the Droplet with SSH. As soon as you connect, it’s essential to complete the WordPress configuration promptly. Until you do, anyone who stumbled across the site could create the administrative user and password.
You’ll need to connect directly to the server from the command line one time to be able to configure WordPress. If you haven’t used a terminal program like SSH or PuTTY before, refer to this tutorial for detailed help: How To Connect To Your Droplet with SSH.
Once you’re ready, open a terminal on your computer and log into your Droplet as root (or your administrative user) via SSH with this command (substitute with your Droplet’s IP address):
If you are prompted for a password, enter the password that was emailed to you when the Droplet was created and follow the on-screen prompts to replace your temporary password. Alternately, if you set up the Droplet with SSH keys, the keys will be used for authentication instead.
After the first successful SSH login, you’re ready to set your administrative password and configure WordPress.
Step 4 — Configuring WordPress
After WordPress installation has been enabled by logging into the Droplet via SSH, visit the Droplet’s IP address in a web browser. You should see the following page:
Follow the on-screen prompts to select the language, give the site a name, and configure its administrative user. Be sure to set a strong password for added security).
Once you have completed the initial configuration, you can log in as the administrative user you just created and continue to set up your site.
Step 5 — Configuring a Domain
To use a domain name set up with your own DNS provider. Either way, you connect your domain name to your WordPress Droplet, once it resolves, you will need to update the WordPress configuration to use the domain.
Log in to your WordPress admin panel at http://DROPLETIPADDRESS/wp-admin using the admin account you created earlier. Click on General under Settings in the navigation bar on the left-hand side of the page. Here, you will see several options you can configure for your site. Update the WordPress Address (URL) and Site Address (URL) fields to reflect your new domain name and click Save Changes.
You can customize your site’s appearance, install plugins for added functionality, or create a new post or a page.
Step 6 — Locating Logins and Passwords
Additional details of your installation are provided in the MOTD (Message of the Day) which is displayed when you log into your Droplet via SSH:
------------------------------------------------------------------------------- Thank you for using DigitalOcean's WordPress Application. Wordpress has now been enabled. You can access your WordPress instance at: http://203.0.113.0 The "ufw" firewall is enabled. All ports except for 22, 80, and 443 are BLOCKED. To secure your WordPress installation, fail2ban has been configured and the Wordpress fail2ban plugin is a site enforce module in. If you do not want to use this plugin, remove /var/www/html/wp-content/mu-plugins/fail2ban. You are encouraged to run mysql_secure_installation to ready your server for production. The passwords for MySQL and the WordPress users have been saved to: /root/.digitalocean_password Let's Encrypt has been pre-installed for you. If you have a domain name, and you will be using it with this 1-Click app, please see: http://do.co/le-apache You can learn more about using this image here: http://do.co/wordpressapp -------------------------------------------------------------------------------------
If you need to access your MySQL database server, you can find your MySQL root user password in the /root/.digitalocean_password file with the following command:
Copy the password, located inside the quotation marks on the line that begins root_mysql_pass. Next, run the MySQL command with the -u flag to specify a user (root) and the -p flag to be prompted for the password as follows:
mysql -u root -p
When prompted, paste in the password you copied.
If you prefer to use a graphical user interface, the tutorial How To Install and Secure phpMyAdmin on Ubuntu 16.04 can guide you.
Your WordPress site should be up and running. You enhance its security by following these steps:
Follow our Initial Server Setup guide to give Sudo privileges to your user. And lockdown root login, and take other steps to make your Droplet ready for production.