Install & Configure WordPress Installation on Ubuntu 20.x with SSL/Https and Other Security and Permission / ( Apache2/PHP/MYSQL/WordPress)

Home /

1. To install Apache2 server, run the commands below:
sudo apt update
sudo apt install apache2

After installing Apache2, the commands below can be used to stop, start and enable Apache2
sudo systemctl stop apache2.service
sudo systemctl start apache2.service
sudo systemctl enable apache2.service

Now that Apache2 is installed. To test whether the webserver is working, open your browser and browse to the URL below
http://ip.address or web address

If you see the page above, then Apache2 is successfully installed
2. Install MariaDB Database Server
sudo apt-get install mariadb-server mariadb-client
After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots.
sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation
sudo mysql_secure_installation
When prompted, answer the questions below by following the guide.
Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below…
sudo mysql -u root -p
type the root password when prompted

If you see a similar screen as shown above, then the server was successfully installed.
3. Install PHP 7.4 and Related Modules
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.4 libapache2-mod-php7.4 php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip

After installing PHP 7.2, run the commands below to open PHP default configuration file for Apache2
sudo nano /etc/php/7.2/apache2/php.ini
The lines below is a good setting for most PHP based CMS… Update the configuration file with these and save….
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Kolkata

You should also restart Apache2 web server. To do so, run the commands below:
sudo systemctl restart apache2.service
4. Create a WordPress Database
To logon to MariaDB database server, run the commands below.
sudo mysql -u root -p
Then create a database called egdatabase
Create a database user called wpuser with a new password
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'new_password_here';
Then grant the user full access to the database.
GRANT ALL ON egdatabase.* TO 'wpuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;
Finally, save your changes and exit.

5. Download WordPress Latest Release
cd /tmp
tar -xvzf latest.tar.gz
sudo mv wordpress /var/www/html/

Then run the commands below to set the correct permissions for WordPress root directory and give Apache2 control
sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

6. Configure Apache2 with Your Domain
Apache2 is installed, go and configure it with your domain so that when users type your domain name, Apache2 server should respond.
Create an Apache2 server block for the domain. To do that, run the commands below to create a new configuration file for domain.
The file will be called
sudo nano /etc/apache2/sites-available/
Then copy and save the content below into the file and save.

DocumentRoot /var/www/html/
CustomLog ${APACHE_LOG_DIR}/ combined

Save the file and exit
Now the configuration file is created, run the commands below to enable it.
sudo a2ensite
sudo a2enmod rewrite
sudo systemctl restart apache2.service

Then open your browser and browse to the server domain name. You should see the WordPress setup wizard to complete. But wait if you want to enable SSL before installing WordPress.
7. Install and Configure Let’s Encrypt
First, install Certbot… Certbot is a fully-featured and easy to use tool that can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.
To install it, run the commands below:
sudo apt install certbot
After installing Certbot, create a file for Let’s Encrypt to the Webroot plugin to validate our domain in the ${webroot-path}/.well-known/acme-challenge directory.
To do that, create the directory and give Apache2 access to it.
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt

Next, create a well-known challenge file with the configurations below…
sudo nano /etc/apache2/conf-available/well-known.conf
Then copy and paste the content below into the file and save…
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"

AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS

Save the file and exit
Your domain should be pointing to your server IP. Apache2 HTTP server installed and configured and Certbot installed ready to obtain your certificate.
Before requesting your free certificate, open your enable Apache2 configurations and modules by running the commands below.
The commands below enable Apache2 SSL, Headers, HTTPS/2 and the well-known configuration file we created above
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod http2
sudo a2enconf well-known

After enabling the modules and config file above, restart Apache2 server… To do that, run the commands below
sudo systemctl restart apache2
At this point, all is set and you’re ready to obtain your certificate. To do that run the commands below:
sudo certbot certonly --agree-tos --email --webroot -w /var/lib/letsencrypt/ -d -d
Let’s Encrypt should connect validate your domain and server, then install the domain certificate. If everything is successful, you should see a similar message as below:
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2019-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
Donating to EFF:

At this point you have a certificate, now go and add it to Apache2 configuration for domain.
First, let’s generate a Diffie–Hellman key exchange (DH) certificate to securely exchange cryptographic keys… To do that, run the commands below to generate a certificate with 2048 bit.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Next, open your config file and make it so that it looks similar to the one below:
sudo nano /etc/apache2/sites-available/
Configure your file to look similar to the one below

Redirect permanent /

DocumentRoot /var/www/html/
Protocols h2 http:/1.1

Redirect permanent /

CustomLog ${APACHE_LOG_DIR}/ combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCompression off
SSLUseStapling on

Next, you will need to configure a server cache for the OCSP status information. The best place for this would be in the Apache SSL configuration file.
sudo nano /etc/apache2/mods-available/ssl.conf
This file contains all the options that Apache uses for SSL. An additional option SSLStaplingCache needs to be added to this file as below.
# Set the location of the SSL OCSP Stapling Cache
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

The SSLStaplingCache directive defines the location for the cache and a size value for the OCSP cache.
Save your changes above and restart Apache2 for the settings above to take effect.
sudo systemctl restart apache2
To set up a process to automatically renew the certificates, add a cron job to execute the renewal process.
sudo crontab -e
Then add the line below and save.
0 1 * * * /usr/bin/certbot renew & > /dev/null
The cron job will attempt to renew 30 days before expiring
To test the renewal process, you can use the certbot –dry-run switch:
sudo certbot renew --dry-run
That’s it! Congratulations! You have successfully configured Apache2 for Let’s Encrypt free SSL/TLS on Ubuntu
8. Enable the WordPress
Then open your browser and browse to the server domain name. You should see the WordPress setup wizard complete. Please follow the wizard carefully.
Then follow the on-screen instructions. Select the installation language then click Continue

You will need to know the following items before proceeding. All after this, are easy to go ahead step.