How to set up a VPS for WordPress: choosing the right stack and server

Hosting WordPress on a VPS offers greater control, scalability, and performance compared to shared hosting. This guide walks you through selecting the right VPS plan and setting up a secure, optimized server environment tailored for WordPress.

Why choose VPS for WordPress?

• Dedicated Resources: VPS provides dedicated CPU, RAM, and storage.
• Enhanced Security: Isolated environments reduce cross-site risks.
• Full Root Access: Customize your entire stack.
• Scalability: Easily increase resources as traffic grows.

Choosing the right VPS plan

Key considerations:

• OS: Ubuntu 22.04 LTS is ideal for beginners and pros alike.
• CPU/RAM: Start with 1 vCPU / 1GB RAM (2/2 for better performance).
• Storage: Use SSD or NVMe. Minimum 20GB.
• Bandwidth: Preferably unmetered or high-limit plans.

Recommended VPS providers

• FDCServers.net — high-performance VPS with unmetered bandwidth and EPYC CPUs.
• DigitalOcean, Linode, Vultr, Hetzner, Contabo (also viable).

Initial server setup

Connect to your VPS via SSH

ssh username@your_server_ip

SSH allows you to remotely and securely access your VPS to manage it via command line. Run this from your terminal (Linux/macOS) or use an SSH client like PuTTY on Windows.

Update system packages

sudo apt update && sudo apt upgrade -y

Keeps your server's packages secure and up to date with the latest patches.

Create a non-root sudo user

adduser your_username
usermod -aG sudo your_username

Creating a non-root sudo user prevents brute-force attacks targeting the default 'root' account and is a common best practice for VPS hardening.

Secure your SSH configuration

⚠️ Before restarting SSH, always ensure your new port is open by updating the firewall and testing it. Otherwise, you may get locked out.

sudo nano /etc/ssh/sshd_config

Change:

PermitRootLogin no
Port 2222

Editing the SSH config allows you to disable root login and move SSH access to a non-default port, which blocks most automated login attempts.

Then restart SSH:

sudo systemctl restart ssh

Restarting SSH applies your new settings. Always ensure the firewall rule for your new SSH port is active first to avoid being locked out.

You can check the new SSH port is active before restarting by entering this in your terminal - make sure you replace your_server_ip with the IP address of your server first!:

nc -zv your_server_ip 2222

You'll see a message returned like 'success' - if the connection is refused, check if there is an existing firewall or iptables rule in place

Configure UFW firewall

sudo ufw allow OpenSSH
sudo ufw allow 2222/tcp
sudo ufw enable

UFW (Uncomplicated Firewall) helps control which incoming connections are allowed. Add the new SSH port rule before enabling or restarting SSH.

Install your software stack

Choose between:

LAMP (Apache-based stack)

sudo apt install apache2
sudo apt install mysql-server
sudo mysql_secure_installation
sudo apt install php libapache2-mod-php php-mysql
sudo systemctl restart apache2

Apache, MySQL, and PHP make up the LAMP stack. A widely supported setup for running WordPress on a VPS.

LEMP (NGINX-based stack)

sudo apt install nginx
sudo apt install mysql-server
sudo mysql_secure_installation
sudo apt install php-fpm php-mysql

NGINX is a lightweight, high-performance alternative to Apache. It’s commonly used with PHP-FPM and MariaDB/MySQL in LEMP setups.

Nginx PHP config snippet:

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

The PHP location block tells NGINX how to process PHP files by passing them to the installed PHP-FPM service.

To keep it simple, we’ll just edit NGINX’s default config and add the snippet above, which is already enabled by default on most VPS setups.

sudo nano /etc/nginx/sites-available/default

Inside the server { ... } block, replace or update it to look like this:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

Remember to replace:

• yourdomain.com with your actual domain name or server IP.
• php7.4-fpm.sock with the installed PHP version (e.g. php8.1-fpm.sock). You can check the currently installed version by using: php -v
• root /var/www/html with the correct path if your WordPress files are located elsewhere (it will be here by default usually).

Re-start NGINX

sudo ln -s /etc/nginx/sites-available/your-config /etc/nginx/sites-enabled/
sudo nginx -t  # test for syntax errors
sudo systemctl reload nginx

Restarting your web server applies the new configuration changes.

Securing your server

Install fail2ban

sudo apt install fail2ban

Fail2Ban automatically blocks IPs that show signs of malicious behavior, like repeated failed login attempts.

Enable automatic updates

Automatic updates can sometimes cause compatibility issues with PHP or MySQL. Enable them only if you're comfortable troubleshooting or keeping regular backups. Best practice is to perform updates manually at regular intervals!

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Next steps

In Part 2, we’ll walk through how to install WordPress itself, file placement, database setup, and browser install.