WordPress powers over 43% of all websites on the internet, and for good reason—it is flexible, well-documented, and supported by a massive ecosystem of themes and plugins. While managed WordPress hosting handles the technical setup for you, running WordPress on your own VPS gives you complete control over performance, security, and cost. A properly configured VPS can outperform managed hosting that costs three to five times as much.

This step-by-step tutorial walks you through installing WordPress on a VPS using the LEMP stack (Linux, Nginx, MySQL, PHP). By the end, you will have a fast, secure, production-ready WordPress site with free SSL and performance optimizations. We assume you have already completed the basic VPS setup described in our VPS setup guide.

Get a VPS for WordPress

InterServer VPS from $2.50/month with SSD storage and full root access. Perfect for WordPress. Price-locked for life.

Get InterServer VPS →

Prerequisites

Before you begin, make sure you have the following:

  • A VPS running Ubuntu 22.04 or 24.04 LTS (we recommend InterServer for its value and reliability).
  • A non-root user with sudo privileges.
  • A domain name pointing to your server's IP address (configure an A record in your DNS provider's dashboard).
  • SSH access to your server.

Step 1: Install the LEMP Stack

LEMP stands for Linux, Nginx (pronounced "Engine-X"), MySQL, and PHP. It is the recommended stack for WordPress on a VPS because Nginx is faster and more memory-efficient than Apache, especially under high traffic.

Install Nginx

sudo apt update
sudo apt install nginx -y
sudo systemctl enable nginx

Install MySQL

sudo apt install mysql-server -y
sudo mysql_secure_installation

During the secure installation, set a strong root password, remove anonymous users, disallow remote root login, and remove the test database.

Install PHP 8.1 and Extensions

sudo apt install php8.1-fpm php8.1-mysql php8.1-cli php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-xmlrpc php8.1-zip php8.1-imagick php8.1-intl -y

These extensions cover everything WordPress needs: image processing (imagick, gd), internationalization (intl), XML parsing, and more. Verify PHP is working:

php -v

Step 2: Create a MySQL Database for WordPress

WordPress needs a database to store posts, pages, users, and settings. Log in to MySQL as root:

sudo mysql -u root -p

Run the following SQL commands, replacing the password with a strong, unique value:

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'your_strong_password_here';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Using utf8mb4 character set ensures full Unicode support, including emoji. Write down the database name, username, and password—you will need them during WordPress setup.

Step 3: Download and Configure WordPress

Navigate to the web root directory and download the latest WordPress release:

cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
sudo mkdir -p /var/www/wordpress
sudo cp -a /tmp/wordpress/. /var/www/wordpress/

Set the correct ownership so Nginx can read the files:

sudo chown -R www-data:www-data /var/www/wordpress
sudo chmod -R 755 /var/www/wordpress

Create the WordPress configuration file from the sample:

cd /var/www/wordpress
sudo cp wp-config-sample.php wp-config.php
sudo chown www-data:www-data wp-config.php

Edit the configuration file and enter your database details:

sudo nano wp-config.php

Update these lines with your database information:

define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'your_strong_password_here');
define('DB_HOST', 'localhost');

For added security, replace the default authentication keys with new ones from the WordPress secret-key generator service.

InterServer VPS

Step 4: Configure Nginx for WordPress

Create a new Nginx server block for your WordPress site:

sudo nano /etc/nginx/sites-available/wordpress

Paste the following configuration, replacing yourdomain.com with your actual domain:

server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/wordpress;
    index index.php index.html index.htm;

    client_max_body_size 64M;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires max;
        log_not_found off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
}

Enable the site and disable the default:

sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx

The nginx -t command tests the configuration for syntax errors. If it reports "syntax is OK," reload Nginx to apply the changes.

Step 5: Install Free SSL with Let's Encrypt

SSL is essential for security and SEO. Let's Encrypt provides free SSL certificates, and Certbot automates the entire process:

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Follow the interactive prompts. Certbot will obtain the certificate, configure Nginx to use it, and set up automatic renewal. Choose to redirect all HTTP traffic to HTTPS when asked.

Step 6: Complete the WordPress Setup Wizard

Open your browser and visit https://yourdomain.com. You should see the WordPress installation wizard. Follow these steps:

  • Select your preferred language.
  • Enter your site title, admin username, password, and email.
  • Click "Install WordPress."
  • Log in to your new WordPress admin dashboard at https://yourdomain.com/wp-admin.

Step 7: Optimize WordPress Performance

Install a Caching Plugin

Caching stores generated pages so they do not need to be rebuilt on every visit. We recommend WP Super Cache or W3 Total Cache. Configure page caching and enable gzip compression.

Enable OPcache

OPcache stores precompiled script bytecode in memory, eliminating the need for PHP to load and parse scripts on each request. It is usually enabled by default with PHP 8.1. Verify with:

php -i | grep opcache

Optimize MySQL

Edit the MySQL configuration to tune memory allocation for your server's RAM:

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

For a 2GB server, add or adjust these settings:

innodb_buffer_pool_size = 512M
innodb_log_file_size = 64M
query_cache_size = 32M
query_cache_limit = 2M

Use a CDN

A Content Delivery Network (CDN) like Cloudflare serves your static assets from edge locations worldwide, reducing latency for visitors far from your server. Cloudflare offers a free plan that also includes DDoS protection and SSL.

Step 8: Secure Your WordPress Installation

Security MeasureHow to Implement
Limit login attemptsInstall the "Limit Login Attempts" plugin
Strong admin passwordUse a password manager to generate 20+ characters
Two-factor authenticationInstall a 2FA plugin like Wordfence Login Security
Disable file editingAdd define('DISALLOW_FILE_EDIT', true); to wp-config.php
Regular backupsUse UpdraftPlus or a cron-based backup script
Keep everything updatedUpdate WordPress core, themes, and plugins regularly
Security scanningInstall Wordfence or Sucuri for malware scanning

Step 9: Set Up Automated Backups

Backups are your insurance against data loss. Create a simple backup script that exports your database and copies your files:

sudo nano /usr/local/bin/wp-backup.sh
#!/bin/bash
DATE=$(date +%Y%m%d)
BACKUP_DIR=/var/backups/wordpress
mkdir -p $BACKUP_DIR
mysqldump -u root -pYOUR_PASSWORD wordpress > $BACKUP_DIR/db_$DATE.sql
tar -czf $BACKUP_DIR/files_$DATE.tar.gz /var/www/wordpress
find $BACKUP_DIR -type f -mtime +7 -delete

Make the script executable and schedule it with a daily cron job:

sudo chmod +x /usr/local/bin/wp-backup.sh
sudo crontab -e
# Add this line:
0 2 * * * /usr/local/bin/wp-backup.sh

This runs the backup every day at 2 AM and deletes backups older than 7 days. For off-site backups, configure the script to upload to an external storage service like Amazon S3 or Backblaze B2.

Launch WordPress on InterServer VPS

Full root access, SSD storage, and instant deployment from $2.50/month. Perfect for hosting WordPress with the LEMP stack.

Get InterServer VPS →

Affiliate Disclosure: VPSFeedX may earn a commission when you purchase through links on this page. This does not affect the price you pay or our recommendations.