How to host WordPress on a cloud VPS
Shared hosting is convenient but limits performance, configuration, and scalability. Moving WordPress to a VPS gives you dedicated resources, root access, and the ability to tune every layer — from PHP-FPM workers to nginx caching. This guide walks you through a production-ready LEMP stack on Ubuntu 22.04, from a fresh server to a TLS-secured WordPress site.
Step 1 — Choose and provision your VPS
WordPress is lightweight to start but grows with traffic and plugins. A sensible starting point:
- 2 GB RAM minimum; 4 GB gives comfortable headroom for PHP processes and MySQL
- 2 vCPU handles concurrent visitors without PHP-FPM timeouts
- 25+ GB SSD for OS, database, media uploads, and backups
- Ubuntu 22.04 LTS — LTS release, wide package support
Before anything else, follow our VPS security guide to create a sudo user, disable root SSH login, and enable UFW. Do that first — it takes 10 minutes and matters.
Step 2 — Install the LEMP stack
LEMP = Linux + nginx + MariaDB + PHP-FPM. MariaDB is a drop-in MySQL replacement with better performance on smaller servers.
sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx mariadb-server php8.3-fpm \
php8.3-mysql php8.3-xml php8.3-mbstring php8.3-curl \
php8.3-zip php8.3-gd php8.3-intl php8.3-bcmath
# Start and enable services
sudo systemctl enable --now nginx php8.3-fpm mariadbSecure MariaDB
sudo mysql_secure_installation
# Answer: set root password, remove anonymous users,
# disallow remote root, remove test DB, reload privilegesCreate the WordPress database
sudo mysql -u root -p
-- Inside MariaDB shell:
CREATE DATABASE wordpress CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'strong_password_here';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Step 3 — Download and configure WordPress
cd /var/www
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzf latest.tar.gz
sudo mv wordpress yourdomain.com
sudo chown -R www-data:www-data /var/www/yourdomain.com
sudo chmod -R 755 /var/www/yourdomain.com
# Create wp-config.php from the sample
cd /var/www/yourdomain.com
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
# Edit: DB_NAME=wordpress, DB_USER=wpuser, DB_PASSWORD=strong_password_hereStep 4 — Configure an nginx server block
sudo tee /etc/nginx/sites-available/yourdomain.com > /dev/null <<'EOF'
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/yourdomain.com;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
# Cache static assets
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
}
EOF
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxStep 5 — Free TLS with Certbot
Let's Encrypt issues free TLS certificates. Certbot automates issuance and renewal:
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Test auto-renewal
sudo certbot renew --dry-runCertbot patches your nginx config automatically to redirect HTTP to HTTPS and sets up a systemd timer for renewal. You should not need to touch the certificate again.
Step 6 — Basic hardening
# Disable XML-RPC if you don't use remote publishing
# Add to your nginx server block:
location = /xmlrpc.php {
deny all;
}
# Limit wp-login.php to your IP (optional)
location = /wp-login.php {
allow YOUR.IP.ADDRESS;
deny all;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}
sudo systemctl reload nginxAlso install a security plugin (Wordfence or Solid Security), keep WordPress, themes, and plugins updated, and configure automated daily database backups to off-site storage (e.g. Backblaze B2 or an S3-compatible bucket).
Want a pre-configured server?
AgentOcean VPS plans come security-hardened and ready to install WordPress or any other stack — no manual OS configuration required.