Web Hosting

How to host WordPress on a cloud VPS

Shared hosting is convenient but limits performance, configuration, and scalability. Moving WordPress to a VPS gives you dedicated resources, root access, and the ability to tune every layer — from PHP-FPM workers to nginx caching. This guide walks you through a production-ready LEMP stack on Ubuntu 22.04, from a fresh server to a TLS-secured WordPress site.

Step 1 — Choose and provision your VPS

WordPress is lightweight to start but grows with traffic and plugins. A sensible starting point:

  • 2 GB RAM minimum; 4 GB gives comfortable headroom for PHP processes and MySQL
  • 2 vCPU handles concurrent visitors without PHP-FPM timeouts
  • 25+ GB SSD for OS, database, media uploads, and backups
  • Ubuntu 22.04 LTS — LTS release, wide package support

Before anything else, follow our VPS security guide to create a sudo user, disable root SSH login, and enable UFW. Do that first — it takes 10 minutes and matters.

Step 2 — Install the LEMP stack

LEMP = Linux + nginx + MariaDB + PHP-FPM. MariaDB is a drop-in MySQL replacement with better performance on smaller servers.

sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx mariadb-server php8.3-fpm \
  php8.3-mysql php8.3-xml php8.3-mbstring php8.3-curl \
  php8.3-zip php8.3-gd php8.3-intl php8.3-bcmath

# Start and enable services
sudo systemctl enable --now nginx php8.3-fpm mariadb

Secure MariaDB

sudo mysql_secure_installation
# Answer: set root password, remove anonymous users,
# disallow remote root, remove test DB, reload privileges

Create the WordPress database

sudo mysql -u root -p
-- Inside MariaDB shell:
CREATE DATABASE wordpress CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'strong_password_here';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 3 — Download and configure WordPress

cd /var/www
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzf latest.tar.gz
sudo mv wordpress yourdomain.com
sudo chown -R www-data:www-data /var/www/yourdomain.com
sudo chmod -R 755 /var/www/yourdomain.com

# Create wp-config.php from the sample
cd /var/www/yourdomain.com
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
# Edit: DB_NAME=wordpress, DB_USER=wpuser, DB_PASSWORD=strong_password_here

Step 4 — Configure an nginx server block

sudo tee /etc/nginx/sites-available/yourdomain.com > /dev/null <<'EOF'
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/yourdomain.com;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    # Cache static assets
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }
}
EOF

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

Step 5 — Free TLS with Certbot

Let's Encrypt issues free TLS certificates. Certbot automates issuance and renewal:

sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Test auto-renewal
sudo certbot renew --dry-run

Certbot patches your nginx config automatically to redirect HTTP to HTTPS and sets up a systemd timer for renewal. You should not need to touch the certificate again.

Step 6 — Basic hardening

# Disable XML-RPC if you don't use remote publishing
# Add to your nginx server block:
location = /xmlrpc.php {
    deny all;
}

# Limit wp-login.php to your IP (optional)
location = /wp-login.php {
    allow YOUR.IP.ADDRESS;
    deny all;
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}

sudo systemctl reload nginx

Also install a security plugin (Wordfence or Solid Security), keep WordPress, themes, and plugins updated, and configure automated daily database backups to off-site storage (e.g. Backblaze B2 or an S3-compatible bucket).

Want a pre-configured server?

AgentOcean VPS plans come security-hardened and ready to install WordPress or any other stack — no manual OS configuration required.

Related