6 min read - May 20, 2025
Learn how to select the ideal VPS plan and configure a secure, optimized LAMP or LEMP stack for WordPress. A step-by-step guide for beginners and developers.
Hosting WordPress on a VPS offers greater control, scalability, and performance compared to shared hosting. This guide walks you through selecting the right VPS plan and setting up a secure, optimized server environment tailored for WordPress.
Key considerations:
ssh username@your_server_ip
SSH allows you to remotely and securely access your VPS to manage it via command line. Run this from your terminal (Linux/macOS) or use an SSH client like PuTTY on Windows.
sudo apt update && sudo apt upgrade -y
Keeps your server's packages secure and up to date with the latest patches.
adduser your_username
usermod -aG sudo your_username
Creating a non-root sudo user prevents brute-force attacks targeting the default 'root' account and is a common best practice for VPS hardening.
⚠️ Before restarting SSH, always ensure your new port is open by updating the firewall and testing it. Otherwise, you may get locked out.
sudo nano /etc/ssh/sshd_config
Change:
PermitRootLogin no
Port 2222
Editing the SSH config allows you to disable root login and move SSH access to a non-default port, which blocks most automated login attempts.
Then restart SSH:
sudo systemctl restart ssh
Restarting SSH applies your new settings. Always ensure the firewall rule for your new SSH port is active first to avoid being locked out.
You can check the new SSH port is active before restarting by entering this in your terminal - make sure you replace your_server_ip with the IP address of your server first!:
nc -zv your_server_ip 2222
You'll see a message returned like 'success' - if the connection is refused, check if there is an existing firewall or iptables rule in place
sudo ufw allow OpenSSH
sudo ufw allow 2222/tcp
sudo ufw enable
UFW (Uncomplicated Firewall) helps control which incoming connections are allowed. Add the new SSH port rule before enabling or restarting SSH.
Choose between:
sudo apt install apache2
sudo apt install mysql-server
sudo mysql_secure_installation
sudo apt install php libapache2-mod-php php-mysql
sudo systemctl restart apache2
Apache, MySQL, and PHP make up the LAMP stack. A widely supported setup for running WordPress on a VPS.
sudo apt install nginx
sudo apt install mysql-server
sudo mysql_secure_installation
sudo apt install php-fpm php-mysql
NGINX is a lightweight, high-performance alternative to Apache. It’s commonly used with PHP-FPM and MariaDB/MySQL in LEMP setups.
Nginx PHP config snippet:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
The PHP location block tells NGINX how to process PHP files by passing them to the installed PHP-FPM service.
To keep it simple, we’ll just edit NGINX’s default config and add the snippet above, which is already enabled by default on most VPS setups.
sudo nano /etc/nginx/sites-available/default
Inside the server { ... } block, replace or update it to look like this:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Remember to replace:
yourdomain.com
with your actual domain name or server IP.php7.4-fpm.sock
with the installed PHP version (e.g. php8.1-fpm.sock
). You can check the currently installed version by using:
php -vroot /var/www/html
with the correct path if your WordPress files are located elsewhere (it will be here by default usually).Re-start NGINX
sudo ln -s /etc/nginx/sites-available/your-config /etc/nginx/sites-enabled/
sudo nginx -t # test for syntax errors
sudo systemctl reload nginx
Restarting your web server applies the new configuration changes.
sudo apt install fail2ban
Fail2Ban automatically blocks IPs that show signs of malicious behavior, like repeated failed login attempts.
Automatic updates can sometimes cause compatibility issues with PHP or MySQL. Enable them only if you're comfortable troubleshooting or keeping regular backups. Best practice is to perform updates manually at regular intervals!
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
In Part 2, we’ll walk through how to install WordPress itself, file placement, database setup, and browser install.
Staring at screens all day? Learn how to reduce digital eye strain with proven techniques and tools. This guide is essential for remote workers, developers, and anyone in tech.
4 min read - May 21, 2025
5 min read - May 20, 2025
Flexible options
Global reach
Instant deployment
Flexible options
Global reach
Instant deployment