Installing WordPress on a Digital Ocean Droplet — From Scratch to Finish

A video guide on how to host WordPress website on DigitalOcean

WordPress installation of a Digital Ocean droplet

DigitalOcean is perhaps the most economical cloud platforms out there… and the best when it comes to affordability, performance, scalability, reliability, control and community. It is perfectly within reach for running multiple site or high-traffic WordPress installs. However if you are just starting out, there’s going to be a slight learning-curve (naturally). Here’s a tutorial to give you a step-by-step walkthrough on installing WordPress on DigitalOcean — from spinning up a fresh droplet to publishing a WordPress website.

Of all the choices of Linux distros, Debian is our flavour of choice — it’s a source distro and doesn’t have any meddling into the OS incurred by means of repackaging.

The video tutorial covers the following steps:

  1. Booting up a new droplet.
  2. Creating a sudo user for administrative purposes.
  3. Configuring the sudo user-account to not be prompted for passwords.
  4. Installing zsh shell and oh-my-zsh framework plus 2 handy plugins.
  5. Installing the AMP in the L-AMP.
  6. Installing PHPMyAdmin from the repository.
  7. Securing Apache’s public web-directories.
  8. Installing WordPress via command-line.
  9. Installing certbot to enable HTTPS / SSL on the WordPress install.
  10. Installing WP-CLI to manage WordPress installation(s) and common WordPress operations from command-line.
  11. Deploying WordPress website to production URL via WP-CLI.

Video Summary: Installing WordPress on a DigitalOcean Droplet

  • 🌐 Setting up a Digital Ocean droplet and initiating WordPress installation.
  • 📍 Choosing San Francisco Data Center 2 for better API latency due to proximity to IT companies.
  • 🔑 Opting for password authentication and setting up monitoring for the droplet.
  • 💻 Accessing the droplet’s console and preparing to use the command line.
  • 🔄 Running system updates and upgrades.
  • 🚹 Creating a new sudo user for enhanced security.
  • 🔐 Adjusting sudo privileges to avoid password prompts.
  • 🖥️ Customizing the shell prompt using “oh my zsh” and adding extensions.
  • 🖋️ Demonstrating auto-suggestions for command inputs.
  • 💡 Installing the AMP in the L-AMP.
  • 🔒 Securing the MySQL installation and setting up root password.
  • 🌍 Accessing Apache and enabling configurations for PHP 7.4 FPM.
  • 📊 Installing phpMyAdmin from the repository and configuring it.
  • 🛡️ Securing Apache web directories and setting permissions.
  • 📦 Installing WordPress on the droplet and configuring it for the domain.
  • 🔐 Installing Certbot for SSL certificates and integrating with Apache.
  • 🛠️ Installing WP CLI for command-line WordPress management.
  • 🔄 Updating WordPress database to reflect the domain instead of the IP address.

Video Transcript

Creating a New Droplet

0:07    so today we are going to spin up a digital ocean droplet and install wordpress on it
0:15    I’m logged into my digitalocean account and we’ll go ahead and click on create
0:21    droplets. I’m going to go with the latest version
0:28    of debian and we’ll just go with a basic shared
0:34    cpu with a regular intel with ssd
0:40    It’s got 1gb one cpu 25gb of ssd disk and 1000 gb of transfer.
0:47    We don’t want to add a block storage I’m going to choose the region as san francisco data center 2.
0:57    the benefit is that most of the it companies are located in California so having a droplet there speeds up your
1:04    api latency etc. You can select some additional
1:12    options here like ipv6 networking
1:19    user data I’m just going to enable monitoring for now because that allows us to collect cpu
1:25    load and all that other data. For the authentication I’m just going to go with a password for now
1:32    I’m going to type in a password.
1:41    I’m going to give it a hostname of demo, you can enable backups,
1:50    for this price it’s taken once every week and stays for four weeks
1:57    create
2:02    and now just waiting for it to complete
2:30    so the droplet has been created and if you just want to check what’s happening you can just click on console
2:44    and there you see the login prompt i am going to close out the console and we are just going to use
2:52    the command line so I’m going to open windows terminal I’m in on uh windows 10 insiders
3:00    but you can also use putty for this so I’m going to go ahead and use this ip
3:06    address on debian by default it’s going to be the user is going to be root
3:12    so ssh root at
3:23    the first time you connect is going to verify the fingerprint
3:30    yes so now that we are in we’re just going to go
3:35    and do a sudo apt get update
3:43    and upgrade just to see if there are any updates pending yes
3:52    and now your droplet is ready to use

Creating a New Sudo User

3:58    so in order to manage your droplet it is highly recommended that you use a non-root account but with a suit
4:05    but with the pseudo privileges so we’re going to create a new user on this debian install and we’re going to
4:13    add a new sudo user so the command to do that is add user
4:18    and I’m going to name it malcur and type in a password for the new user
4:26    verify
4:35    and the user is created now second thing you want to do is you need to add this root you need to
4:43    add this user to the pseudogroup and the command for that is user mod dash a
4:50    uppercase g and the group is going to be sudo and which user do we
4:56    want to add we want to add the user malcu
5:02    and the user is added so now we want to log in as the user and see if everything is okay and it is able to do
5:09    other stuff and use the pseudo privileges so we do a pseudo su
5:16    [Music] and we are logged in as melchio the new user we just created
5:23    will go into the home directory and we are going to do let’s see let’s
5:30    sudo that’s asking for a password
5:39    so we are able to use the studio privileges on this user

Using Sudo but Without a Password Prompt

5:47    so now we want to use the pseudo user but we don’t want it
5:53    to you uh to ask us for a password every time so what you can do is you can edit the etsy sudo as file
6:00    sudo I’m going to use wim as my default text editor let’s see
6:13    and here
6:19    we’re going to type in now p-a-s-s-w-d
6:35    exit out of it so this time it did not ask us for a
6:41    password and that’s how you enable cd commands without having it to request as a
6:47    password every time I’m going to install the um shell

Installing Oh My ZSH Framework

6:56    for this user because it makes it a little easier to customize the shell prompt and also to
7:02    access the history and all that stuff so you can go ahead and search for oh
7:10    my zsh
7:15    this is the command you want to type down but uh for this you need curl and some other
7:20    utilities to be installed in advance so let’s go ahead and install that first so i’ll just go ahead and do a sudo
7:27    apt-get install we need coral to beget jit I’m also going to install
7:36    h top while I’m at it and of course it needs the csh shell enter yes
7:51    so that being installed now we are going to install the actual omega sh framework
7:58    just going to clear out of it and this is the command you need to type
8:03    [Music] it’s going to ask you to change the default shell to zsh
8:09    default is yes it’s going to ask a password to verify and zsh is the default shell
8:20    we are going to add two extensions two plugins basically to oh my zsh
8:27    framework the first one is zsh auto suggestions
8:35    so this is the command you can again go to the get a page and copy this command from there
8:44    the second thing you need to do is install csh completions
8:50    you just go to the get a page for csh completions copy the command from there and enter
8:56    this here and both the plugins have been installed so we are just going to go ahead and
9:01    enable it clear out so
9:07    the file that you need to edit is inside your home directory and it’s called zshrc
9:15    and optionally you can change the theme here agnostic happens to be the most popular
9:25    and that’s what I’m going to use for this for the purposes of this demo
9:30    and here you see the plugins
9:37    so I’m going to add a space and type in zsh
9:43    completions and zsh two suggestions
9:55    hit escape right and exit I’m just going to exit and
10:02   exit and going to change back to the user login as the user again
10:08   just to verify that the shell changes have taken place take an effect
10:18   [Music] and there you see we have the prompt and that’s going to clear it out so
10:24   it allows you to it automatically fills up the commands
10:30   from your history and suggests your comments so i just typed in ls-el and if you type
10:36   ls then you can see that it is suggested suggesting the parameters automatically
10:44   so that’s how you install zsh

Installing AMP in the L-AMP

10:55   so now we’re going to install the lamp server on the system and the command for this thing is this
11:02   so what we are essentially going to do is sudo and apt-get install we’re going to
11:09   install apache and live apache to mod fcg id then of course we need mariadb server
11:17   php the php extension for mysql php extension mba string zip
11:25   gd and of course the package php dash fbm which is going to install the php
11:31   dash fpm service and all hit enter
11:40   enter
11:47   so all these services are installed all these packages are installed now what we need to do is uh we need to
11:52   enable these services so for that now we need to enable essentially three services
11:58   sudo system ctl [Music]
12:08   apache php fpm and
12:16   mariadb and then you can start these services
12:29   start apache
12:43   now the next thing we want to do is uh secure the mysql installation for that the command is to do
12:52   mysql
12:58   secure installation so it’s going to ask enter the current root password we don’t have a root password set yet
13:06   so we want to set the root password I’m going to put in a password here
13:15   remove anonymous users yes disallow root in remotely so this means you will not
13:21   be able to connect to this mario db server from an external server you can only connect to only the locally
13:28   installed services will be able to connect to the to the local mariadb server so yes
13:36   remove test database reload privileges yes we’re just going to go ahead and
13:43   create a we’re just going to get ahead go ahead and see if
13:48   we are able to access apache so this is the ipf address of this droplet and
13:55   i hit this and we have the party to debian default page and we are going to enable
14:04   the configuration [Music]
14:10   for php 7.3 fpm
14:16   and it’s enabled we’re just going to reload apache copy paste but
14:23   you need sudo here to go to the beginning of the command line you can just hit ctrl a
14:28   and for the end you can go uh and hit control e to go to the end of the command line
14:34   so let’s just test it out first we are going to go ahead and create a php info file
14:41   so apache hosts the files here where www html
14:49   and the index that you and the file index.html is the default
14:55   apache file on debian which is what you see here
15:00   so I’m going to create sudo p webmp dot php
15:19   and now we can type in slash p dot php to see if everything is okay
15:26   so there you have it it’s using php fpm and these are the
15:31   modules that are installed
15:42   and just as a little cleanup we are going to remove p dot php because sometimes it
15:48   reveals too much because oftentimes it reveals too much information about your server configuration and we are also going to
15:55   remove index.html because we don’t need it
16:01   and that’s your lamp server up and

Installing phpMyAdmin From the Repository

16:06   running we are now going to install phpmyadmin
16:12   but i typically don’t like to install it from the sources because there’s a quite some bit of
16:18   configuration that is required i instead modify the sources so that uh it also keeps
16:23   the instant the package updated so what we’re going to do is
16:28   we’re going to amend the sources.list file so that it can install it from the repository
16:35   so pseudo and we’re going to edit etsy at
16:42   sources.list right at the top you’re going to add a line
17:13   now remember to disable this repository after you’re done because otherwise it will continue to install packages from the testing
17:20   repository which is not very stable but it does give you some cutting edge
17:27   versions of the packages so next thing you do is sudo apt get
17:37   update so it’ll fetch the newer packages
17:45   and now you can do a sudo [Music]
17:53   that’s going to install a whole bunch of things here so continue yes
18:01   and it is asking if you want to configure phpmyadmin to automatically run inside with apache integrate with
18:08   apache or light httpd so I’m just going to select apache and hit
18:14   ok
18:26   by the way you can see that since we enabled the test repository it’s installed php 7.4 18:32   as well so configure phpmyadmin with dbconfig.com yes
18:37   and we’re going to create a password for the phpmyadmin user
18:53   now that being installed you do actually want to have another user for database administration
19:00   so we are going to create a mysql user for database administration so the way you do is sudo
19:08   mysql dash user is going to be root we are going to log in as a root user
19:14   from the shell and create a new user
19:25   and we’re logged in
19:33   create user I’m going to call it db mgr at
19:42   localhost
19:48   identified by I’m going to give it a password for now I’m just just going to
19:53   give it to a simple password like my password
20:00   never use this one this one never use this kind of a password on a
20:06   production system
20:12   we forgot the terminator okay that’s done now you also need to give all the
20:18   privileges to the new database manager user you created so that you can use that
20:24   user to manage the databases so the command for that is
20:29   grant all on there’s a wild card privilege
20:46   too and then you do a flush
20:58   exit and now you can go back to the droplet and then type in phpmyadmin
21:09   and we can log in as the user dbmgr and we can type in the password we just
21:15   created
21:26   so that’s done now by default you’ll see this uh database over here information schema
21:33   and if you don’t want it you can go to settings
21:39   features and databases
21:45   and here you can put in high databases
21:51   and that’s gone so that’s how you install phpmyadmin on debian from the repository

Securing Public Web-Directories

22:06   now we’re going to secure the apache directories from weather files where the public files are served so for that
22:14   uh reason I’m going to create a new user which is going to be a non-sudo user and which will have access to these
22:21   directories so like in like we previously did we’re just going to do a sudo
22:26   add user and let’s just call it web manager try to avoid
22:34   typically common names like admin webmaster etc
22:40   so it’s asking for a password in a production environment you never
22:45   want to use a password you instead want to use a ssh based authentication system
22:56   and we’re going to add this user to the www data group because that’s a one that is
23:04   used by apache by default sudo user mod dash a
23:12   capital g the group is going to be www data and the user is going to be the one
23:19   that we just created web mgr right clear out of this now we need to
23:27   go ahead and get into where slash www slash html directory and
23:34   see what the permissions are here so right now this directory is owned by root which is not what we want we want
23:42   this directory to be owned and writable and readable by the web
23:48   user which is www.data so for that we are going to do a pseudo
23:54   ch bone so essentially change the ownership i do a recording just in case if you already
24:00   have directories inside it and
24:06   user and group is going to be www.data and the directory is going to be the
24:12   current directory that being done i also want to enable
24:18   enable inheritable permissions for all the directories going forward in the future so what I’m going to do is sudo
24:27   chmod 2775  24:33   the current directory and if you already have existing
24:42   directories and files inside it you would certainly want to do a sudo find
24:50   in the current directory what we want to do is we want to find
24:55   directories and execute
25:02   [Music]
25:10   so this essentially this command essentially is going to find all the directories recursively and that’s going to apply
25:16   these permissions to the directories seven seven five seven means writable by the users
25:22   another the next seven means writable by the group and five means readable and executable by
25:27   others and for the files what you need is
25:35   664 so this essentially means read and write permissions on the files
25:41   so instead of d we type in f which means for the type file
25:48   and that’s it so now nobody else can go into this directory and write anything other than
25:55   the users which are part of the www data group if i try to touch something
26:01   here touch test.php it’s going to say service denied but if i go ahead and
26:07   sudo s u web
26:13   mgr ls dash yes if i do a touch as web manager user that we just created
26:23   and the file is there i can edit this file if you can create a file most certainly you can edit it
26:31   [Music]
26:36   i just wrote that file I’m going to delete that file now because we don’t need it and that’s how you secure the apache web
26:43   directories

Installing WordPress via Command Line

26:50   so we’re now going to install wordpress on this uh droplet we created and right now I’m
26:56   logged in as a pseudo user but i need to log in as a user which is the part of
27:02   which is a part of www.datagroup so I’m going to login as a user that
27:07   i’ve already created and I’m going to switch to the directory
27:14   where we want to install so by default it’s supposed to be where slash www.html
27:23   and here we are going to download wordpress so we do a wket
27:32   https
27:38   oops we need a dot there gz so there’s the url where you can
27:45   always find the latest wordpress version it’s downloaded we are going to extract it now we’re going to
27:52   do a tar xvzf so extract verbose and the compression
27:58   type is gz and fs file
28:07   so wordpress is extracted but it happens to be in a subdirectory right now so we need to bring it to the root
28:13   if you have multiple installations of wordpress then you can obviously you know install it inside subdirectories and configure
28:19   apache to serve those wordpress installations from their own root web route
28:26   so I’m going to get rid of this file and I’m going to move all the
28:32   files inside wordpress to the current directory so move wordpress all the files inside were
28:41   pressed to the current directory that is a dot so as you can see all the direct uh all
28:47   the files and directories inside wordpress have been moved to the current directory and we don’t need this uh
28:52   wordpress directory anymore so we are going to remove it rm rf in fact you should at least verify if
28:59   there is any file left inside wordpress like htxs or other stuff
29:10   so to install wordpress you need to have a database in advance so you can just go to new or you can go to databases here
29:16   and I’m going to name the database wordpress you can name it anything
29:25   and we’re just going to go to the ip address for this droplet which is here hit enter and wordpress
29:32   should pop up yes it is asking us for database name username
29:39   so if you have multiple used databases and you have multiple database users so you can put in the
29:45   username here we just have a single database user as of now so we’re just going to use that
29:51   but it is not recommended that you use a common database user for all the databases because that is a security
29:57   threat and if one of the website gets infected the infection can travel into
30:02   other databases
30:15   run install I’m just going to call it malcur demo you can put in a username
30:24   try to avoid admin usernames because they are pretty common and hackers actually try to access your website using those
30:31   usernames you can put in a password just remember not to forget it you can
30:37   put in an email address here and since this is a website which is not yet launch ready you can just uh
30:44   discredit search engines from indexing this site and install wordpress and
30:50   then you log in so the user was this and password was
30:55   this and you’re logged in

Installing Certbot

31:08   what I’m going to do is I’m going to install start bot so that we can also add ssl certificates to this thing
31:15   so i already have a domain pointed to this thing but let’s see so on debian the command
31:21   is sudo apt install
31:28   apt is just a wraparound app dash get command so you can use apt also hit enter
31:37   we are going to refresh the snapcore
31:44   next
31:58   so
32:12   [Music] okay there are no updates available and
32:19   now we are going to install the actual starboard
32:47   and I’m also going to create a link to the third bot
32:54   application so right now it is installed inside the snap slash bin short bot
33:02   but I’m going to link it to user bin so that
33:10   it is available from everywhere and you just want to check if it is available you can do sudo which
33:22   yep it is accessible now and the next command you need to run is sudo cert bot
33:40   so email address it’ll ask you for an email address I’m going to enter
33:46   this one for now terms of service agree yes
33:53   do you want them to contact you for stuff no
34:00   account registered please enter the domain name so i have already pointed a domain to this droplet and that droplet the domain is
34:09   demo.malcure.com
34:16   as requesting a certificate and it’s automatically going to integrate the configuration with
34:22   apache because we watched the past apache flag and once the certificate is installed
34:28   what you need to go ahead and do is uh you need to restart apache so what you’re going to do is sudo
34:35   service apache2 restart so now you can go to the domain
34:44   [Music] using ssa using ssl https
34:50   this should work and yes it loads fine the certificate is fine
34:56   but wordpress needs to the wordpress configuration needs to be pointed
35:02   to ensure that wordpress actually loads on the new domain instead of the ip address

Installing WP-CLI

35:19   we’re going to install wp cli which is a command line wordpress utility allowing you to manage
35:25   wordpress installations and the wordpress databases from the command line so the command for that is this is the
35:34   file that you need to get with curl so curl is going to get this
35:39   file and output it save it basically so the file is saved
35:44   we’re going to do uh sudo chmod plus x on this
35:51   file we just downloaded this is going to make the file executable so you can do php
35:59   if the file is not executable you can still test it with the php wp cl
36:06   this way it will give you all the help commands etc and you can just do a queue to quit so
36:12   we’ve already made it executable and we are going to move it to
36:21   the bin directory so that all the users have access to it
36:30   it’s we’re going to move it as wp so it’ll be available as a wp
36:36   command if you do a wp-info there it works
36:48   so what happens if you have a site but you want to move it to a new domain
36:53   so as you saw uh previously this site was actually installed on this
36:58   specific ip address 138.68.18.187 and when you reload this thing wordpress
37:04   is still not aware that it’s running on a domain so you need to operate update the wordpress database and for
37:10   that thing we are going to use the wbcli and I’m going to run the this command it
37:16   says wp search dash replace so we’re going to do a search and replace the database and
37:22   we’re going to search for this ip address which is within codes going to replace it with the actual domain name again which is within codes
37:29   and we’re going to do the search and replace in all tables and initially we’re just going to do a
37:35   dry run so it’ll scan the database for the string but it’s not going to make any changes
37:42   and here it lists that it needs to make nine replacements
37:47   and we run the same command without this parameter and it is actually going to do the
37:53   replacement so now if you go back to the site and reload
37:59   it’s actually going to load all the css and all that stuff

See Also:

This article is written by Evelyn Allison. Evelyn has over two decades of experience with the big-tech corporate giants. Starting in 2002 with consumer IT remote support, he transitioned into IT enterprise support and systems provisioning for Windows and Linux servers. Her prowess spans her expertise in network security, security audit and scripting-based-automation. Actively involved in web security since 2017, Evelyn has worked with various technologies to secure the web, leveraging tech like Nginx, modsecurity, reverse-proxies, developing web-application-firewalls, on-the-fly asset optimization using Google’s PageSpeed Module and more. Her expertise is reflected in the top-tier plugins and comprehensive consulting-services she offers in the domain of web-security.