---
title: "Installing WordPress on a Digital Ocean Droplet — From Scratch to Finish"
date: 2021-07-02
author: "Shiv"
featured_image: "https://malcure.com/wp-content/uploads/2021/07/unidyne-template.png"
categories:
  - name: "Code, CLI & Utilities"
    url: "/blog/utilities.md"
---

# Installing WordPress on a Digital Ocean Droplet — From Scratch to Finish

![WordPress installation of a Digital Ocean droplet](https://malcure.com/wp-content/uploads/2021/07/wp-on-digital-ocean-1024x576.jpg)DigitalOcean is perhaps the most economical cloud platforms out there… and the best when it comes to affordability, performance, scalability, reliability, control and community. It is perfectly within reach for running multiple site or high-traffic WordPress installs. However if you are just starting out, there’s going to be a slight learning-curve (naturally). Here’s a tutorial to give you a step-by-step walkthrough on installing WordPress on DigitalOcean — from spinning up a fresh droplet to publishing a WordPress website.

Of all the choices of Linux distros, Debian is our flavour of choice — it’s a source distro and doesn’t have any meddling into the OS incurred by means of repackaging.

## The video tutorial covers the following steps:

1. Booting up a new droplet.
2. Creating a sudo user for administrative purposes.
3. Configuring the sudo user-account to not be prompted for passwords.
4. Installing zsh shell and oh-my-zsh framework plus 2 handy plugins.
5. Installing the AMP in the L-AMP.
6. Installing PHPMyAdmin from the repository.
7. Securing Apache’s public web-directories.
8. Installing [WordPress via command-line](https://malcure.com/blog/security/batch-reinstalling-infected-wordpress-plugins-wp-cli/).
9. Installing certbot to enable HTTPS / SSL on the WordPress install.
10. Installing [WP-CLI to manage WordPress installation(s)](https://malcure.com/blog/utilities/wp-cli-cheatsheet/) and common WordPress operations from command-line.
11. Deploying WordPress website to production URL via WP-CLI.

## Video Summary: Installing WordPress on a DigitalOcean Droplet

- 🌐 Setting up a Digital Ocean droplet and initiating WordPress installation.
- 📍 Choosing San Francisco Data Center 2 for better API latency due to proximity to IT companies.
- 🔑 Opting for password authentication and setting up monitoring for the droplet.
- 💻 Accessing the droplet’s console and preparing to use the command line.
- 🔄 Running system updates and upgrades.
- 🚹 Creating a new sudo user for enhanced security.
- 🔐 Adjusting sudo privileges to avoid password prompts.
- 🖥️ Customizing the shell prompt using “oh my zsh” and adding extensions.
- 🖋️ Demonstrating auto-suggestions for command inputs.
- 💡 Installing the AMP in the L-AMP.
- 🔒 Securing the MySQL installation and setting up root password.
- 🌍 Accessing Apache and enabling configurations for PHP 7.4 FPM.
- 📊 Installing phpMyAdmin from the repository and configuring it.
- 🛡️ Securing Apache web directories and setting permissions.
- 📦 Installing WordPress on the droplet and configuring it for the domain.
- 🔐 Installing Certbot for SSL certificates and integrating with Apache.
- 🛠️ Installing WP CLI for command-line WordPress management.
- 🔄 Updating WordPress database to reflect the domain instead of the IP address.

## Video Transcript

### Creating a New Droplet

0:07 so today we are going to spin up a digital ocean droplet and install wordpress on it

0:15 I’m logged into my digitalocean account and we’ll go ahead and click on create

0:21 droplets. I’m going to go with the latest version

0:28 of debian and we’ll just go with a basic shared

0:34 cpu with a regular intel with ssd

0:40 It’s got 1gb one cpu 25gb of ssd disk and 1000 gb of transfer.

0:47 We don’t want to add a block storage I’m going to choose the region as san francisco data center 2.

0:57 the benefit is that most of the it companies are located in California so having a droplet there speeds up your

1:04 api latency etc. You can select some additional

1:12 options here like ipv6 networking

1:19 user data I’m just going to enable monitoring for now because that allows us to collect cpu

1:25 load and all that other data. For the authentication I’m just going to go with a password for now

1:32 I’m going to type in a password.

1:41 I’m going to give it a hostname of demo, you can enable backups,

1:50 for this price it’s taken once every week and stays for four weeks

1:57 create

2:02 and now just waiting for it to complete

2:30 so the droplet has been created and if you just want to check what’s happening you can just click on console

2:44 and there you see the login prompt i am going to close out the console and we are just going to use

2:52 the command line so I’m going to open windows terminal I’m in on uh windows 10 insiders

3:00 but you can also use putty for this so I’m going to go ahead and use this ip

3:06 address on debian by default it’s going to be the user is going to be root

3:12 so ssh root at

3:23 the first time you connect is going to verify the fingerprint

3:30 yes so now that we are in we’re just going to go

3:35 and do a sudo apt get update

3:43 and upgrade just to see if there are any updates pending yes

3:52 and now your droplet is ready to use

### Creating a New Sudo User

3:58 so in order to manage your droplet it is highly recommended that you use a non-root account but with a suit

4:05 but with the pseudo privileges so we’re going to create a new user on this debian install and we’re going to

4:13 add a new sudo user so the command to do that is add user

4:18 and I’m going to name it malcur and type in a password for the new user

4:26 verify

4:35 and the user is created now second thing you want to do is you need to add this root you need to

4:43 add this user to the pseudogroup and the command for that is user mod dash a

4:50 uppercase g and the group is going to be sudo and which user do we

4:56 want to add we want to add the user malcu

5:02 and the user is added so now we want to log in as the user and see if everything is okay and it is able to do

5:09 other stuff and use the pseudo privileges so we do a pseudo su

5:16 [Music] and we are logged in as melchio the new user we just created

5:23 will go into the home directory and we are going to do let’s see let’s

5:30 sudo that’s asking for a password

5:39 so we are able to use the studio privileges on this user

### Using Sudo but Without a Password Prompt

5:47 so now we want to use the pseudo user but we don’t want it

5:53 to you uh to ask us for a password every time so what you can do is you can edit the etsy sudo as file

6:00 sudo I’m going to use wim as my default text editor let’s see

6:13 and here

6:19 we’re going to type in now p-a-s-s-w-d

6:35 exit out of it so this time it did not ask us for a

6:41 password and that’s how you enable cd commands without having it to request as a

6:47 password every time I’m going to install the um shell

### Installing Oh My ZSH Framework

6:56 for this user because it makes it a little easier to customize the shell prompt and also to

7:02 access the history and all that stuff so you can go ahead and search for oh

7:10 my zsh

7:15 this is the command you want to type down but uh for this you need curl and some other

7:20 utilities to be installed in advance so let’s go ahead and install that first so i’ll just go ahead and do a sudo

7:27 apt-get install we need coral to beget jit I’m also going to install

7:36 h top while I’m at it and of course it needs the csh shell enter yes

7:51 so that being installed now we are going to install the actual omega sh framework

7:58 just going to clear out of it and this is the command you need to type

8:03 [Music] it’s going to ask you to change the default shell to zsh

8:09 default is yes it’s going to ask a password to verify and zsh is the default shell

8:20 we are going to add two extensions two plugins basically to oh my zsh

8:27 framework the first one is zsh auto suggestions

8:35 so this is the command you can again go to the get a page and copy this command from there

8:44 the second thing you need to do is install csh completions

8:50 you just go to the get a page for csh completions copy the command from there and enter

8:56 this here and both the plugins have been installed so we are just going to go ahead and

9:01 enable it clear out so

9:07 the file that you need to edit is inside your home directory and it’s called zshrc

9:15 and optionally you can change the theme here agnostic happens to be the most popular

9:25 and that’s what I’m going to use for this for the purposes of this demo

9:30 and here you see the plugins

9:37 so I’m going to add a space and type in zsh

9:43 completions and zsh two suggestions

9:55 hit escape right and exit I’m just going to exit and

10:02 exit and going to change back to the user login as the user again

10:08 just to verify that the shell changes have taken place take an effect

10:18 [Music] and there you see we have the prompt and that’s going to clear it out so

10:24 it allows you to it automatically fills up the commands

10:30 from your history and suggests your comments so i just typed in ls-el and if you type

10:36 ls then you can see that it is suggested suggesting the parameters automatically

10:44 so that’s how you install zsh

### Installing AMP in the L-AMP

10:55 so now we’re going to install the lamp server on the system and the command for this thing is this

11:02 so what we are essentially going to do is sudo and apt-get install we’re going to

11:09 install apache and live apache to mod fcg id then of course we need mariadb server

11:17 php the php extension for mysql php extension mba string zip

11:25 gd and of course the package php dash fbm which is going to install the php

11:31 dash fpm service and all hit enter

11:40 enter

11:47 so all these services are installed all these packages are installed now what we need to do is uh we need to

11:52 enable these services so for that now we need to enable essentially three services

11:58 sudo system ctl [Music]

12:08 apache php fpm and

12:16 mariadb and then you can start these services

12:29 start apache

12:43 now the next thing we want to do is uh secure the mysql installation for that the command is to do

12:52 mysql

12:58 secure installation so it’s going to ask enter the current root password we don’t have a root password set yet

13:06 so we want to set the root password I’m going to put in a password here

13:15 remove anonymous users yes disallow root in remotely so this means you will not

13:21 be able to connect to this mario db server from an external server you can only connect to only the locally

13:28 installed services will be able to connect to the to the local mariadb server so yes

13:36 remove test database reload privileges yes we’re just going to go ahead and

13:43 create a we’re just going to get ahead go ahead and see if

13:48 we are able to access apache so this is the ipf address of this droplet and

13:55 i hit this and we have the party to debian default page and we are going to enable

14:04 the configuration [Music]

14:10 for php 7.3 fpm

14:16 and it’s enabled we’re just going to reload apache copy paste but

14:23 you need sudo here to go to the beginning of the command line you can just hit ctrl a

14:28 and for the end you can go uh and hit control e to go to the end of the command line

14:34 so let’s just test it out first we are going to go ahead and create a php info file

14:41 so apache hosts the files here where www html

14:49 and the index that you and the file index.html is the default

14:55 apache file on debian which is what you see here

15:00 so I’m going to create sudo p webmp dot php

15:19 and now we can type in slash p dot php to see if everything is okay

15:26 so there you have it it’s using php fpm and these are the

15:31 modules that are installed

15:42 and just as a little cleanup we are going to remove p dot php because sometimes it

15:48 reveals too much because oftentimes it reveals too much information about your server configuration and we are also going to

15:55 remove index.html because we don’t need it

16:01 and that’s your lamp server up and

### Installing phpMyAdmin From the Repository

16:06 running we are now going to install phpmyadmin

16:12 but i typically don’t like to install it from the sources because there’s a quite some bit of

16:18 configuration that is required i instead modify the sources so that uh it also keeps

16:23 the instant the package updated so what we’re going to do is

16:28 we’re going to amend the sources.list file so that it can install it from the repository

16:35 so pseudo and we’re going to edit etsy at

16:42 sources.list right at the top you’re going to add a line

17:13 now remember to disable this repository after you’re done because otherwise it will continue to install packages from the testing

17:20 repository which is not very stable but it does give you some cutting edge

17:27 versions of the packages so next thing you do is sudo apt get

17:37 update so it’ll fetch the newer packages

17:45 and now you can do a sudo [Music]

17:53 that’s going to install a whole bunch of things here so continue yes

18:01 and it is asking if you want to configure phpmyadmin to automatically run inside with apache integrate with

18:08 apache or light httpd so I’m just going to select apache and hit

18:14 ok

18:26 by the way you can see that since we enabled the test repository it’s installed php 7.4 18:32 as well so configure phpmyadmin with dbconfig.com yes

18:37 and we’re going to create a password for the phpmyadmin user

18:53 now that being installed you do actually want to have another user for database administration

19:00 so we are going to create a mysql user for database administration so the way you do is sudo

19:08 mysql dash user is going to be root we are going to log in as a root user

19:14 from the shell and create a new user

19:25 and we’re logged in

19:33 create user I’m going to call it db mgr at

19:42 localhost

19:48 identified by I’m going to give it a password for now I’m just just going to

19:53 give it to a simple password like my password

20:00 never use this one this one never use this kind of a password on a

20:06 production system

20:12 we forgot the terminator okay that’s done now you also need to give all the

20:18 privileges to the new database manager user you created so that you can use that

20:24 user to manage the databases so the command for that is

20:29 grant all on there’s a wild card privilege

20:46 too and then you do a flush

20:58 exit and now you can go back to the droplet and then type in phpmyadmin

21:09 and we can log in as the user dbmgr and we can type in the password we just

21:15 created

21:26 so that’s done now by default you’ll see this uh database over here information schema

21:33 and if you don’t want it you can go to settings

21:39 features and databases

21:45 and here you can put in high databases

21:51 and that’s gone so that’s how you install phpmyadmin on debian from the repository

### Securing Public Web-Directories

22:06 now we’re going to secure the apache directories from weather files where the public files are served so for that

22:14 uh reason I’m going to create a new user which is going to be a non-sudo user and which will have access to these

22:21 directories so like in like we previously did we’re just going to do a sudo

22:26 add user and let’s just call it web manager try to avoid

22:34 typically common names like admin webmaster etc

22:40 so it’s asking for a password in a production environment you never

22:45 want to use a password you instead want to use a ssh based authentication system

22:56 and we’re going to add this user to the www data group because that’s a one that is

23:04 used by apache by default sudo user mod dash a

23:12 capital g the group is going to be www data and the user is going to be the one

23:19 that we just created web mgr right clear out of this now we need to

23:27 go ahead and get into where slash www slash html directory and

23:34 see what the permissions are here so right now this directory is owned by root which is not what we want we want

23:42 this directory to be owned and writable and readable by the web

23:48 user which is www.data so for that we are going to do a pseudo

23:54 ch bone so essentially change the ownership i do a recording just in case if you already

24:00 have directories inside it and

24:06 user and group is going to be www.data and the directory is going to be the

24:12 current directory that being done i also want to enable

24:18 enable inheritable permissions for all the directories going forward in the future so what I’m going to do is sudo

24:27 chmod 2775 24:33 the current directory and if you already have existing

24:42 directories and files inside it you would certainly want to do a sudo find

24:50 in the current directory what we want to do is we want to find

24:55 directories and execute

25:02 [Music]

25:10 so this essentially this command essentially is going to find all the directories recursively and that’s going to apply

25:16 these permissions to the directories seven seven five seven means writable by the users

25:22 another the next seven means writable by the group and five means readable and executable by

25:27 others and for the files what you need is

25:35 664 so this essentially means read and write permissions on the files

25:41 so instead of d we type in f which means for the type file

25:48 and that’s it so now nobody else can go into this directory and write anything other than

25:55 the users which are part of the www data group if i try to touch something

26:01 here touch test.php it’s going to say service denied but if i go ahead and

26:07 sudo s u web

26:13 mgr ls dash yes if i do a touch as web manager user that we just created

26:23 and the file is there i can edit this file if you can create a file most certainly you can edit it

26:31 [Music]

26:36 i just wrote that file I’m going to delete that file now because we don’t need it and that’s how you secure the apache web

26:43 directories

### Installing WordPress via Command Line

26:50 so we’re now going to install wordpress on this uh droplet we created and right now I’m

26:56 logged in as a pseudo user but i need to log in as a user which is the part of

27:02 which is a part of www.datagroup so I’m going to login as a user that

27:07 i’ve already created and I’m going to switch to the directory

27:14 where we want to install so by default it’s supposed to be where slash www.html

27:23 and here we are going to download wordpress so we do a wket

27:32 https

27:38 oops we need a dot there gz so there’s the url where you can

27:45 always find the latest wordpress version it’s downloaded we are going to extract it now we’re going to

27:52 do a tar xvzf so extract verbose and the compression

27:58 type is gz and fs file

28:07 so wordpress is extracted but it happens to be in a subdirectory right now so we need to bring it to the root

28:13 if you have multiple installations of wordpress then you can obviously you know install it inside subdirectories and configure

28:19 apache to serve those wordpress installations from their own root web route

28:26 so I’m going to get rid of this file and I’m going to move all the

28:32 files inside wordpress to the current directory so move wordpress all the files inside were

28:41 pressed to the current directory that is a dot so as you can see all the direct uh all

28:47 the files and directories inside wordpress have been moved to the current directory and we don’t need this uh

28:52 wordpress directory anymore so we are going to remove it rm rf in fact you should at least verify if

28:59 there is any file left inside wordpress like htxs or other stuff

29:10 so to install wordpress you need to have a database in advance so you can just go to new or you can go to databases here

29:16 and I’m going to name the database wordpress you can name it anything

29:25 and we’re just going to go to the ip address for this droplet which is here hit enter and wordpress

29:32 should pop up yes it is asking us for database name username

29:39 so if you have multiple used databases and you have multiple database users so you can put in the

29:45 username here we just have a single database user as of now so we’re just going to use that

29:51 but it is not recommended that you use a common database user for all the databases because that is a security

29:57 threat and if one of the website gets infected the infection can travel into

30:02 other databases

30:15 run install I’m just going to call it malcur demo you can put in a username

30:24 try to avoid admin usernames because they are pretty common and hackers actually try to access your website using those

30:31 usernames you can put in a password just remember not to forget it you can

30:37 put in an email address here and since this is a website which is not yet launch ready you can just uh

30:44 discredit search engines from indexing this site and install wordpress and

30:50 then you log in so the user was this and password was

30:55 this and you’re logged in

### Installing Certbot

31:08 what I’m going to do is I’m going to install start bot so that we can also add ssl certificates to this thing

31:15 so i already have a domain pointed to this thing but let’s see so on debian the command

31:21 is sudo apt install

31:28 apt is just a wraparound app dash get command so you can use apt also hit enter

31:37 we are going to refresh the snapcore

31:44 next

31:58 so

32:12 [Music] okay there are no updates available and

32:19 now we are going to install the actual starboard

32:47 and I’m also going to create a link to the third bot

32:54 application so right now it is installed inside the snap slash bin short bot

33:02 but I’m going to link it to user bin so that

33:10 it is available from everywhere and you just want to check if it is available you can do sudo which

33:22 yep it is accessible now and the next command you need to run is sudo cert bot

33:40 so email address it’ll ask you for an email address I’m going to enter

33:46 this one for now terms of service agree yes

33:53 do you want them to contact you for stuff no

34:00 account registered please enter the domain name so i have already pointed a domain to this droplet and that droplet the domain is

34:09 demo.malcure.com

34:16 as requesting a certificate and it’s automatically going to integrate the configuration with

34:22 apache because we watched the past apache flag and once the certificate is installed

34:28 what you need to go ahead and do is uh you need to restart apache so what you’re going to do is sudo

34:35 service apache2 restart so now you can go to the domain

34:44 [Music] using ssa using ssl https

34:50 this should work and yes it loads fine the certificate is fine

34:56 but wordpress needs to the wordpress configuration needs to be pointed

35:02 to ensure that wordpress actually loads on the new domain instead of the ip address

### Installing WP-CLI

35:19 we’re going to install wp cli which is a command line wordpress utility allowing you to manage

35:25 wordpress installations and the wordpress databases from the command line so the command for that is this is the

35:34 file that you need to get with curl so curl is going to get this

35:39 file and output it save it basically so the file is saved

35:44 we’re going to do uh sudo chmod plus x on this

35:51 file we just downloaded this is going to make the file executable so you can do php

35:59 if the file is not executable you can still test it with the php wp cl

36:06 this way it will give you all the help commands etc and you can just do a queue to quit so

36:12 we’ve already made it executable and we are going to move it to

36:21 the bin directory so that all the users have access to it

36:30 it’s we’re going to move it as wp so it’ll be available as a wp

36:36 command if you do a wp-info there it works

36:48 so what happens if you have a site but you want to move it to a new domain

36:53 so as you saw uh previously this site was actually installed on this

36:58 specific ip address 138.68.18.187 and when you reload this thing wordpress

37:04 is still not aware that it’s running on a domain so you need to operate update the wordpress database and for

37:10 that thing we are going to use the wbcli and I’m going to run the this command it

37:16 says wp search dash replace so we’re going to do a search and replace the database and

37:22 we’re going to search for this ip address which is within codes going to replace it with the actual domain name again which is within codes

37:29 and we’re going to do the search and replace in all tables and initially we’re just going to do a

37:35 dry run so it’ll scan the database for the string but it’s not going to make any changes

37:42 and here it lists that it needs to make nine replacements

37:47 and we run the same command without this parameter and it is actually going to do the

37:53 replacement so now if you go back to the site and reload

37:59 it’s actually going to load all the css and all that stuff