Setting up WordPress

The following instructions describe how I install WordPress on Ubuntu. The instructions may differ slightly for other server environments, but the basic principles should be the same. This requires shell access to the server, but once it’s finished the WordPress instance(s) should be capable of being administered through a web browser.

Part 1 – Installing WordPress

Download WordPress and move it to /var/www/html/ so it runs from the root directory of the web server.

cd /var/www/html
sudo apt-get install unzip
sudo wget
sudo unzip
cd wordpress
sudo mv * /var/www/html/
cd /var/www/html
sudo mv index.html index.html_old

Log into mysql:

mysql -u root -p

Create a new database (calling it something different to the example below)

mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO wp_user@localhost IDENTIFIED BY "<password>";
mysql> exit

Navigate to /var/www and issue the following command:

sudo chown -R www-data html

Install WordPress, following the instructions at Remember to make a note of the username and password you set up for the admin account.

Part 2 – Configuring WordPress

Log in using the account you just created.

Install and activate some plugins (Acunetix WP Security, Jetpack by, WP-Markdown and WordPress Importer), via the web interface in WordPress.

Navigate to the left hand menu item for Acunetix WP Security, tick all boxes and click on “update settings”. This will apply all recommended security changes.

Use WordPress Importer to import content (posts, tags, files) from other instances of WordPress.

If you want to compose posts in markdown then you’ll need to navigate to Settings –> Writing and tick the boxes for the interfaces you want to default to markdown.

Note: you won’t be able to activate Jetpack unless the server is visible on the public internet.

Remove the “Hello World!” post and the sample page (both should be obvious if they have not been removed!)

Part 3 – WordPress Multisite (optional)

This allows you to run more than one blog/site in a single instance of WordPress. The instructions at are good, and are mostly enough to get it up and running.

There are two more things to do on Ubuntu servers:

Enable mod_rewrite

 a2enmod rewrite

Open /etc/apache2/apache2.conf and find the part that says:

 <Directory /var/www/>
 Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted

Replace AllowOverride None with AllowOverride All

Part 4 – SSL (optional)

Enable mod_rewrite (if you’ve not already done it as part of step 3)

sudo a2enmod rewrite

Enable ssl

sudo a2enmod ssl
sudo a2ensite default-ssl.conf

Amend your apache config to enable pages to be served on port 443

sudo nano /etc/apache2/sites-available/default-ssl.conf

<VirtualHost _default_:443>
DocumentRoot /var/www/html

#Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3

Amend 80 config (e.g. 000-default.conf), to redirect to 443

sudo nano /etc/apache2/sites-available/000-default.conf

DocumentRoot /var/www/html
Redirect "/" ""

Restart apache

sudo service apache2 restart

Change domain in WordPress settings (through UI) to

Create a certificate request (csr):

sudo mkdir /etc/apache2/ssl
sudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/apache2/ssl/yourdomain.key -out /etc/apache2/ssl/yourdomain.csr

Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:West Midlands
Locality Name (eg, city) [Default City]:Your city
Organization Name (eg, company) [Default Company Ltd]:Your Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []

Copy certificate somewhere sensible

sudo cp /etc/apache2/ssl/yourdomain.csr /home/username/yourdomain.csr

What you’ll need to do then is grab the certificate from home directory, save it somewhere safe and then do whatever you do in your organisation/environment to generate/buy/get a root certificate (there are so many different ways).

Once you have a root certificate, follow instructions at

Configure apache to use certificate

sudo nano /etc/apache2/sites-available/default-ssl.conf

Then add/edit the following lines:

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile  /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/yourdomain.key

Restart apache

sudo service apache2 restart

At that point your site should serve web pages on https with no error messages.

WordPress troubleshooting

I’ve done a fair bit of WordPress troubleshooting over the last few weeks, including moving sites from one server to another and upgrading server operating systems. While a lot of this isn’t probably that interesting, I did come across a few things that might help other people undertaking similar tasks.

My method for moving content between sites generally involves exporting the content to XML, installing a fresh instance of WordPress on the new server, importing the content using the WordPress Importer plugin, and then seeing what doesn’t work. What usually doesn’t work is uploaded images and files, but it’s just a case of copying across the whole contents of /var/www/html/wp-content/uploads to the new server to fix that.

Talking of which, Debian (and derivatives) changed the default location for websites from /var/www to /var/www/html last year. If you upgrade Debian to the latest version and all your WordPress sites break, then it should just be a case of editing /etc/apache2/sites-available/000-default.conf so that the DocumentRoot value is set back to to /var/www/.

My last revelation is around hardwired links. When moving a site to a new server (with a new URL) there are likely to be many references to the old site URL in config files and in the WordPress database. There is a plugin called Search and Replace which does all the heavy lifting for you, and which should rewrite your new URL to everywhere it needs to be. I’ve used this a few times now and it works really well.

I’m also half way through writing up how I install sites from scratch, but that’s going to be quite a lengthy document and probably deserves a separate post.