How to Install WordPress with LAMP and free Let's Encrypt SSL on Rocky Linux

WordPress is one of the most popular Content Management Systems (CMS) right now, it's used by millions of people. The WordPress project started in 2003 as a fork from the CMS "b2/cafelog", comes with a GPLv2 license, and becomes free and open-source software.

As for now, more than 34% of websites on the internet are using WordPress. One of the reasons WordPress is so popular is because it's simple, easy to use, and flexible. With hundreds/thousands of plugins, WordPress can be used in some different ways, such as simple blogging engine, eCommerce websites, simple company profile, online forum community, etc.

In this guide, you will learn how to install WordPress CMS on the Rocky Linux 8.4. You will be installing WordPress under the LAMP Stack (Linux, Apache2/httpd, MySQL/MariaDB, and PHP).

Prerequisites

  • A Rocky Linux server. Ensure all packages are updated to the latest version.
  • A user with root privileges. This user will get the root privileges through the sudo command.

Installing Apache/Httpd Web Server

At first, you will be installing the Apache or httpd web server on the Rocky Linux server.

1. Execute the dnf command below to install the httpd web server.

sudo dnf install httpd

Type "y" and press "Enter" to confirm and install httpd packages.

Install httpd webserver

2. If the installation is complete, enable and start the httpd service using the following command.

sudo systemctl enable httpd
sudo systemctl start httpd

The "systemctl enable" command will enable the service to start at every boot.

3. After that, run the command below to verify the httpd service.

sudo systemctl status httpd

And you will get a similar result as below.

start enable and checking httpd webserver

As seen on the top screenshot, the httpd is active and running.

Installing PHP Packages

As for now, the WordPress CMS needs PHP 7.4 or higher for the installation. Now you will be installing PHP 7.4 from the remi repository.

1. Execute the following command to add epel and remi Repository

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Type "y" and press "Enter" to add the epel and remi repository.

When the installation is complete, verify the epel and Remi repository using the following command.

sudo dnf repolist

You will see the epel and remi repository on the repository list.

Checking EPEL and REMI repository

2. Next, reset the default repository module PHP. Then enable the module for PHP 7.4 from the remi repository.

Execute the following command to reset the default php module repository.

sudo dnf module reset php

In the process, type "y" and press "Enter" to add the gpg key remi repository.

Import GPG key REMI repository

After that, execute the command below to enable the php module from the remi repository.

sudo dnf module enable php:remi-7.4

Type "y" to confirm and press "Enter" to continue. Now you're ready to install PHP and all extensions for the WordPress installation.

Enable REMI repository PHP 7.4

3. Execute the following command to install php with some necessary extensions.

sudo dnf install php php-common php-mysqlnd php-gd php-imagick php-bcmath

Once installation is complete, go to the next step.

Installing and Configuring MariaDB Server

For this stage, you will be installing the MariaDB database server, securing MariaDB deployment, and creating a new database and user for WordPress.

1. To install the MariaDB database server, run the command below.

sudo dnf install mariadb mariadb-server

Wait for the mariadb installation.

Install MariaDB Database Server

2. Once the installation is complete, enable and start the MariaDB service using the following command.

sudo systemctl enable mariadb
sudo systemctl start mariadb

4. The mariadb will be active and running, execute the following command to verify the MariaDB service.

sudo systemctl status mariadb

If the mariadb service is running, you will get similar output as below.

Start enable and cehck MariaDB service stats

5. Next, you need to secure your MariaDB deployment by setting up the root password for MariaDB and remove some default configurations. To do that, you can use the command-line tool 'mysql_secure_installation', which is included on the default MariaDB installation.

Execute the "mysql_secure_installation" command below.

mysql_secure_installation

At the first, you will be asked to set up the mariadb root password.

Type your strong mariadb root password and repeat, then press "Enter" to continue.

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

Now type "Y" and press "Enter" to remove the default anonymous user from the mariadb server.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

After that, disable the remote login for the default user 'root'. Type "Y" and press "Enter" to continue.

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

Type "Y" again to remove the default database "test" and press "Enter".

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

And the last, type "Y" again to reload all tables privileges to apply a new configuration.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Now the process is complete and you will see the following output.

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Create Database and User for WordPress

1. log in to the mariadb shell using the mysql command below.

mysql -u root -p

2. Now execute the following mysql query to create a new database "wordpress_db".

CREATE DATABASE wordpress_db;

3. Execute the following query to create a new database user "wpuser". Change the "strongpassword" with your strong password.

CREATE USER wpuser@localhost IDENTIFIED BY 'strongpassword';

4. Allow the user "wpuser" to access and write the "wordpress_db" using the following query.

GRANT ALL PRIVILEGES ON wordpress_db.* to wpuser@localhost;

5. Now reload all tables privileges to apply the new database configuration.

FLUSH PRIVILEGES;

Then you can type "quit" and press "Enter" to exit from the mariadb shell.

Create Database and user for WordPress

Download WordPress

1. Change the working directory to "/var/www" and download the WordPress source code using the wget command as below.

cd /var/www/
wget https://wordpress.org/latest.tar.gz

2. Extract the WordPress source code "latest.tar.gz" and you will get a new directory "wordpress", then change the owner of the "wordpress" directory to "apache" user.

tar -xzvf latest.tar.gz
sudo chown -R apache:apache wordpress/

Now you're ready to configure the WordPress installation.

Setting WordPress

At this stage, you will be editing the WordPress configuration "wp-config.php", set up the database details, and add the authentication key and salts (for additional security protection).

1. First, change the working directory to "/var/www/wordpress".

cd /var/www/wordpress/

2. Copy the sample configuration "wp-config-sample.php" to "wp-config.php", then edit the configuration file using nano editor.

cp wp-config-sample.php wp-config.php
nano wp-config.php

3. Change the database details (DB_NAME, DB_USER, and DB_PASSWORD) with your database information.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress_db' );

/** MySQL database username */
define( 'DB_USER', 'wpuser' );

/** MySQL database password */
define( 'DB_PASSWORD', 'strongpassword' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

4. Visit this link to generate the authentication keys and salts, then paste the configuration to your "wp-config.php" file as below.

/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'v$4/xyGF7t!^(-Xr~lUKT,1oBxOpxzXPAs)kPE_C%Oc^~^%JN]C-y(k>~Wj+JZRM');
define('SECURE_AUTH_KEY',  'y<|#/jfYs,Y_l;{[`2uNp9SMNH8zNGK[eb&RYqb-+bd<a,Fi<9z9rj2_#=R(5O&s');
define('LOGGED_IN_KEY',    '&U8Z{I~,xV%D>FDq+Qx{7@?ZD|_GgYby)z,l5jZDVqLC#&#+]#/6zh1-JQf6n6+X');
define('NONCE_KEY',        'pQv#Z_;q$4E: `AV.0eu-L7JA_BN-dvHV#W|;#s7>PTA<Vfs13S|-pE7RYV8+LX)');
define('AUTH_SALT',        '?;-?bWr%zTbx7lphp&]=IQ-P8D?ItOzs?4rGtaNI,kypb4xj$&X|ueIDA}5v?sj|');
define('SECURE_AUTH_SALT', 'mn<t0DVAfMX*SpqKC7NE}xFNZ|4c_N{s7|s-iKR4Jvc#GPc.9H:aW9%k2r?nAe;Z');
define('LOGGED_IN_SALT',   'ni D0H;5wrM3NQLWe<R-Y$j-_{)4{v*abQ(kAbhNrmi&+EXFMW-Gv7SQb6ya[)!s');
define('NONCE_SALT',       '=BMV@@hmv:~G/<+_8fPvQ(m%oR.A)%ZPtp``sZWK! !G6C%UYPrKU{xQJD.<bd45');
/**#@-*/

Press "Ctrl+x" and type "y" to save and exit.

Enable httpd mod_ssl on Rocky Linux

For this tutorial, you will be installing WordPress and securing with the SSL from Letsencrypt. So you need to enable the mod_ssl for the httpd server on the Rocky Linux.

1. Install the package "mod_ssl" using the dnf command below.

sudo dnf install mod_ssl mod_http2

2. after that, generate the default SSL for localhost using the openssl command below.

openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt

You can just press enter for all questions because this certificate will only be used for localhost, not the WordPress domain name.

Generate SSL for localhost

3. Now execute the following command to ensure the mod_ssl is available on the httpd web server.

apachectl -M | grep ssl

If you have got the output such as "ssl", then the mod_ssl is enabled. Otherwise, you will get blank output.

Enable mod_ssl httpd Rocky Linux

Generate SSL Letsencrypt on Rocky Linux

In this stage, you will be installing the cerbot tool and generate the SSL certificates for the WordPress installation. You will be generating SSL Letsencrypts with the webroot plugin.

1. Execute the following command to install the certbot tool for generating SSL Letsencrypt.

sudo dnf install certbot

Wait for the installation process.

2. Once the installation is complete, create a new directory for letsencrypt authorization using the following commands.

sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp apache /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt

3. Next, change the working directory to the "/etc/httpd/conf.d/" and create a new configuration "well-known.conf" using nano editor.

cd /etc/httpd/conf.d/
nano well-known.conf

Add the following configurations.

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

Press "Ctrl+x" and type "y" to save and exit.

4. Now execute the following commands to verify the httpd configuration and restart the httpd service.

apachectl configtest
sudo systemctl restart httpd

If you've no error, you're ready to generate SSL Letsencrypt with the webroot plugin.

Setting up certbot webroot plugin

5. Before generating SSL Letsencrypt, ensure your domain name is resolved to the server IP address. After that, you can generate SSL Letsencrypt with the webroot plugin by running the certbot command below. Also, change the email address and domain name to your own.

sudo certbot certonly --agree-tos --email [email protected] --webroot -w /var/lib/letsencrypt/ -d domain.com -d www.domain.com

When the process is complete, your SSL certificates will be available at the "/etc/letsencrypt/live/domain.com/" directory.

Setting Up Virtual host for WordPress

In this step, you will be adding a new apache/httpd virtual host configuration for WordPress.

1. Change the working directory to "/etc/httpd/conf.d" and create new configuration "wordpress.conf" using nano editor.

cd /etc/httpd/conf.d/
nano wordpress.conf

Change the detail domain name and SSL path directory to your own and paste the configuration to the "wordpress.conf" file.

# httpd port 80
<VirtualHost *:80>
  ServerName domain.com
  ServerAlias www.domain.com

  # automatic redirect http to https
  Redirect permanent / https://domain.com/
</VirtualHost>

# httpd port 443/ssl
<VirtualHost *:443>
  ServerName domain.com
  ServerAlias www.domain.com

  # WordPress path directory
  DocumentRoot /var/www/wordpress

  Protocols h2 http:/1.1

  <If "%{HTTP_HOST} == 'www.domain.com'">
    Redirect permanent / https://domain.com/
  </If>
 
  ErrorLog /var/log/httpd/domain.com-error.log
  CustomLog /var/log/httpd/domain.com-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
 
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLCompression off

  <Directory /var/www/wordpress/>
       Options FollowSymlinks
       AllowOverride All
       Require all granted
  </Directory>
 
  <Directory /var/www/wordpress/>
       RewriteEngine on
       RewriteBase /
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*) index.php [PT,L]
  </Directory>
</VirtualHost>

Press "Ctrl+x" and type "Y" to save the configuration and exit.

3. Next, execute the following command to verify the httpd configuration.

sudo apachectl configtest

If you got no error, restart the httpd service using the command below.

sudo systemctl restart httpd

Now you're ready for the WordPress installation through the web browser.

Setting up Apache Virtual Host

Installing WordPress

If all related server configuration is complete, you can access your WordPress installation with the web browser.

1. Open your web browser and type the URL address of your WordPress installation.

http://domain.com

Now you will be redirected to the secure HTTPS connection and you will get the page as follow.

Choose language WordPress Installation

Select the language for your WordPress installation, the default is "English (united states)", then click "Continue".

2. Now type your "Site Title" and type a new username, email, and password for your WordPress installation.

Then click the button "Install WordPress" to start the installation.

Installing WordPress

3. After the installation is complete, you will get the following page.

WordPress Installation Successfull

Click the 'Log In' button to continue.

4. Now you will be redirected to the WordPress login page.

WordPress Login Page

Type your username and password, then click "Log In".

5. And you will get the default WordPress index page.

WordPress default Index

6. Move your cursor to the menu "My Blog" and click "Dashboard" or "Themes", and you will get the WordPress admin dashboard as below.

WordPress Admin Dashboard

7. To install the WordPress plugin, move your cursor to the "Plugin" menu and click 'Add New', then you will be redirected to the Plugin page.

WordPress Install Plugin Test

Choose the plugin that you want to install and click "Install Now", then you can click the "Activate" button to activate the plugin.

Conclusion

Congratulation! you've successfully installed WordPress CMS with LAMP Stack on the Rocky Linux server. Below is the stuff you've learned in this tutorial:

  • Installing LAMP Stack
  • Securing MariaDB deployment
  • Create mysql database and user from mysql/mariadb shell
  • Setting up apache/httpd web server for certbot webroot plugin
  • Generate SSL Letsencrypt
  • And the last is a WordPress installation

For the next step, you can choose or buy themes and install it on your WordPress.

Share this page:

0 Comment(s)