In this guide I’ll cover what I feel is the best current option for installing WordPress on a DigitalOcean VPS.
DigitalOcean has been my preferred web hosting platform for a few years. I’ve set up a handful of servers there, but never really took the time to document any part of that process.
So when a new project rudely elbowed its way to the top of my TODO list, I decided to make more careful notes and share them.
First, if you don’t have one already, sign up for a new DigitalOcean account. As a bonus for signing up through my DigitalOcean link, you’ll get a free $100 credit for the next 60 days to test out the service, and you’ll help support this site.
Provision a server
That involves selecting a template from the DO Marketplace.
The OpenLiteSpeed WordPress template will install everything that you need to rapidly deploy your WordPress site, notably:
- OpenLiteSpeed – This is the fourth most popular web server behind the behemoths nginx, Apache and IIS. Recent performance updates to OpenLiteSpeed claim speeds that rival or surpass nginx.
- PHP 7.3 – Though a minor version behind, it’s refreshing to have a modern version of PHP available right out of the gate.
- MariaDB 10.4 – A recent version of the open source alternative to MySQL.
WordPress 5.3 – Of course, the most important component, the most recent release of WordPress. Best of all, this template is maintained by LiteSpeed. You may see slightly newer versions during your own install. All of this is deployed via DO’s scripted processes on to Ubuntu 18.04 LTS. The Long Term Support release means that the server will receive security patches for a few extra years.
Now that we’ve chosen the template, let’s dive into the details.
Choose the server size
WordPress sites tend to be relatively light on resources. Unless you’re planning to migrate a high-traffic site to DO, a small server will be likely be enough. In fact it’s possible to run multiple separate WordPress sites on a single small VPS.
I chose a basic $5/mo 1GB RAM plan, and I can scale up the server stats in the backend as needed.
I also chose to enable DigitalOcean’s automated weekly backups (at the bottom of the page). Nice to have in the event of catastrophe. For daily backup options, there are a number of WordPress plugins from which to choose.
During the droplet creation you can configure login authentication into the server. If you already have an SSH generated, upload the public key to DO and you’ll be granted login capability immediately. Otherwise, you can always get a plain ol’ password emailed to you.
Choose a datacenter
DigitalOcean provides datacenters worldwide.
For the best performance, you’ll typically want to choose a region closest to where you live.
Once you click the create button at the bottom of the screen DigitalOcean will provision the server in the background. It will let you know when it’s ready to go.
Add your domain name
You’ll need to point a domain name to your new server’s IP address next.
On your project’s home page, you should see your newly-provisioned Droplet. Click the ellipsis ... symbol on the far right of the row to reveal a dropdown, then choose Add a domain.
Click the domain’s name to edit the DNS records. You should see an A record and a few NS (nameserver) records.
Remember that you must also configure your domain itself to point to DigitalOcean. Every domain registrar (DreamHost, Name.com, GoDaddy, etc.) all have different user interfaces. Generally you’ll do this in your domain registrar’s UI by changing the nameservers to ns1.digitalocean.com, ns2.digitalocean.com, etc.
On the next page, type in your domain name next to your chosen server and click create, and you should see it populate in the list.
Note: by default DigitalOcean does not send www subdomain traffic to your server! If you want your domain to start with www, you’ll need to add a new A record with a hostname of “www” manually.
Don’t worry if you’re unable to immediately reach the server by typing the domain name into your browser.
Legend has it that DNS changes can take anywhere from a few minutes to a couple hours — days? — to propagate worldwide.
While we wait for our changes to spider their way through the netiverse, we can move on to finish up the server config.
Server setup
Once your server is available for use, log into via a terminal SSH session to the public IP address. If you don’t already know it, you can find it in DigitalOcean’s web UI.
Replace 111.111.111.111 with your server’s IP.
$ ssh root@111.111.111.111On first login, you’ll be presented with a similar message from the OpenLiteSpeed template’s install wizard.
Welcome to One-Click OpenLiteSpeed WordPress Server. To keep this server secure, the UFW firewall is enabled. All ports are BLOCKED except 22 (SSH), 80 (HTTP) and 443 (HTTPS). # Many lines omitted...
The message text will go on to tell you where to find important things, like the addresses to visit your WordPress install, where to see the included phpMyAdmin install, and how to view your (auto-generated) database credentials.
You’ll be prompted to enter the domain name that you set up previously. Both your web server and WordPress instance will be configured with this domain name.
In your waning minutes with the template install wizard (enjoy it while it lasts!) your final prompts will be for an email address to provision and configure a Let’s Encrypt security certificate for your website. During my configuration, I chose to force visitors to use HTTPS.
Enter ‘y’ to finish up with a full server update. Y not?
User setup
You’d be crazy to use the root account for everything you do on the server — depending on your security preferences, you may even choose to disable SSH root authentication entirely.
Instead we’ll need a regular user account that we can use for day-to-day maintenance. I named my user deploy.
$ adduser deploy
$ adduser deploy sudoEnter a password and then continue with the prompts. You can safely leave all other user attributes blank.
Unfortunately you won’t be able to log in yet with the deploy user. You’ll first need to enable password authentication for SSH connections.
$ nano /etc/ssh/sshd_configFind the PasswordAuthentication line and make sure it is set to yes.
PasswordAuthentication yesFor the changes to take effect, you’ll need to restart the SSH daemon.
$ service sshd restartSave and close the file, then type exit to log out of your server.
Next from your local development terminal, you’ll want to copy your SSH key up to the server for the deploy user (and also root if you authenticated with a password).
$ ssh-copy-id deploy@111.111.111.111If everything worked right, you ought to now be able to log in with SSH authentication into the deploy account.
$ ssh deploy@111.111.111.111Once you’re in, go back into the SSH config file and disable password authentication.
$ nano /etc/ssh/sshd_configPasswordAuthentication noYou may now also choose to disable root authentication by changing PermitRootLogin from yes to no. Other security settings are outside the scope of this guide.
$ service sshd restartBeautiful! Almost done.
Begin the 5-minute install
Hooray! Now you ought to be able to visit your server at http://111.111.111.111 (or your chosen domain name) and begin the WordPress 5-minute install.
Create your WordPress user account credentials, log in, and you’re in business!
But, my friend, this is not the end of your DigitalOcean VPS journey. It is only the beginning.
You’ll next want to review a few links for security guides and practices for maintaining the server.
This link is a good summary of those options: https://www.digitalocean.com/community/questions/best-practices-for-hardening-new-sever-in-2017
The good news is that the most important parts (configuring a non-root user, enabling a firewall, etc.) were already either covered in this guide or handled during the initial template install.
Happy WordPressing and good luck!
