How to install WordPress with SSL

In this video I show you how to install WordPress with SSL and some essential plugins. I will use a preinstalled web server with Ubuntu Linux, MySQL, PHP and Nginx (LEMP stack) with Certbot for the Let’s Encrypt certificate.



Hi, I’m Chris, and in this video I will show you how to set up WordPress with SSL and some essential plugins. I will use a pre-installed web server running on Ubuntu Linux with MySQL, PHP and Nginx with Let’s Encrypt.

OK so let’s get started.

As a guideline we will use this support article on the official WordPress website. I will put the link to the article in the description down below. As a first step we have to download the WordPress package onto our web server. For this we copy the download link and log in to our web server.

Here we can paste and execute the command that will download the WordPress package. Then we extract the compressed file. This results in a directory with the complete file structure from WordPress.

Now we can continue with the instructions from WordPress.

Step 2 is to create the database and the user. Instead of using phpMyAdmin we will use the shell. We open MySQL with root permissions.

First we create the database for WordPress. Then we grant all privileges to all the tables from this new database to a new database user.

To activate the new permissions we flush the privileges. Now the database is prepared and we can exit.

OK so let’s go back to the installation instructions.

We finished preparing the database so we can continue with the next part. So for this we have to scroll all the way down.

We will skip steps 3 and 4 and use the installation script in step 5, but before I can call the installation script in a web browser I have to update the DNS record. For this I go to my DNS provider, in this case a German DNS provider, and update the A-records for the domain so that future requests will be directed to the new server. For the change to take effect it might take a little while.

Meanwhile we can prepare the webroot for the new domain. For this I create a folder with the domain name, and then the WordPress directory will become our new webroot. Therefore I will move the WordPress directory to its new location and rename it to public_html.

Now let’s change to the domain directory.

If we change into the public_html directory we see all the WordPress files. For the next steps I will change to the root user. We change the owner of the webroot to the web user; this way WordPress will be able to write to the directory structure, for example for installing plugins. Next we prepare our new domain for getting the SSL certificate from Let’s Encrypt.

Therefore I have to make sure that in our general nginx configuration file there is a location for the ACME challenge for Let’s Encrypt. In the nginx configuration file of our new domain we have to deactivate SSL for now to get the Let’s Encrypt certificate.

Therefore I copy the port 80 configuration and comment out the ssl port configuration.

Also we have to comment out the snippets, because we still don’t have them.

And we don’t need this line. Let’s delete it.

OK this should work now. Let’s save the file. Next let’s change to the sites_enabled directory.

And here we create the symlink to our domain configuration file. This tells nginx to activate our new domain on restart.

OK let’s check the symlink.

This looks good. Now let’s check with nginx if we have any configuration problem. OK so nginx didn’t find any problem. So we can reload nginx now to activate our new domain.

Now let’s get the SSL certificate from Let’s Encrypt. This will use the certbot to request a new certificate and store it on the server.

OK great, the certificate has been saved to our server. Make sure that you have a cron job to renew the certificate and reload nginx afterwards. Now we can go back to our domain configuration file to activate HTTPS. Therefore we reverse the changes we did before.

Requests to port 80 we will just redirect to SSL. OK let’s save the configuration.

Before we can reload nginx we have to create the SSL snippet for our domain.

This will tell nginx where to find the SSL certificate. Now let’s check the configuration.

OK perfect now we can reload nginx.
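The end state of the domain configuration described above, as an added example that is not the configuration shown in the video. The domain `example.com`, every path, and the PHP-FPM socket are assumptions; the certificate lines are what the per-domain SSL snippet would contain. While the first certificate is being requested, the second `server` block stays commented out.

```nginx
# Constructed example: example.com and all paths are placeholders.

# Port 80: answer the ACME HTTP-01 challenge, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Certbot's webroot plugin writes the challenge token below this path.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;          # assumed challenge directory
        default_type "text/plain";
        try_files $uri =404;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: enable only after the certificate exists, otherwise
# `nginx -t` fails because the certificate files are missing.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Contents of the per-domain SSL snippet (inlined here for readability).
    # /etc/letsencrypt/live/<domain>/ is Certbot's default output location.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/example.com/public_html;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed; varies by PHP version
    }
}
```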

Finally we are prepared to call the WordPress installation script. We just copy the final part of this URL and call it with our own domain name and here we are ready to install WordPress.

First we select English as our language.

In the next step we need the information for our database. So let’s go and enter it.

Here we enter the information we used to set up the database. Just so you know before publishing this video I will reinstall WordPress for security reasons with a different database name and other user credentials. Now we click on submit.

And we are ready to run the installation script. This creates all the tables for WordPress in the database. Then we have to give our site a name and enter an admin user. Of course this data will also be changed before publishing the video.

After entering the data we can install WordPress. And that’s it. We have installed WordPress and are ready to login.

After a fresh WordPress install I always install some basic plugins.

One of these plugins is called Wordfence. This is a plugin that helps you secure your website.

After the installation we have to activate it. Then you can subscribe to their security mailing list.

I won’t subscribe because I’m subscribed with a different email already.

Next you can enter the premium key to get more advanced features or just skip the step for now. Then let’s get rid of these two default plugins and then let’s install a plugin to inform our users that we are using cookies on our site.

For this I will use “EU Cookie Law (GDPR)”. But first let’s enable auto update for Wordfence. Now we can install the cookie plugin.

Then we activate the plugin. In order for the plugin to start working we have to activate it in the settings.

To not show the notice for every session I set the cookie acceptance length to one month.

You can change the appearance and what is shown in the cookie notice but for the basic configuration that’s enough and we can save changes now.

If we open our website in a different browser we can see the cookie notice already working. Let’s go back to the backend and configure Wordfence now.

When opening Wordfence for the first time you are greeted with the tutorial.

Let’s go to all options now. Of course you should adjust all options for your needs but I will show you some basic configurations I usually do.

Under the general Wordfence options I like to activate “Hide WordPress version”.

Under dashboard notification options I deactivate the notifications for plugins and themes as I leave this to WordPress.

Under email alert preferences I deactivate the emails for when an IP address is blocked or when someone is locked out from login.

Under activity report I disable the email summary.

Then I make some adjustments for the brute force protection.

And I block IP addresses from users that tried to login as admin user.

Under scan options – general options I activate that theme and plugin files are checked against repository versions and I also activate the last two options.

Then I make the final adjustments for the Wordfence Web Application Firewall.

If you are using nginx you should restrict the access to the user.ini file.

For this you have to add the following lines of code to your nginx configuration.
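The lines shown in the video are not part of this transcript. The following is an added example of such a rule, not the author's own configuration; it assumes the file sits in the webroot as `.user.ini` and that the rule is placed inside the site's `server` block.

```nginx
# Inside the server { } block of the WordPress site.
# The firewall setup places .user.ini in the webroot, and it can reveal
# server paths. nginx does not read .htaccess, so without an explicit
# rule the file is served like any other static file.
location ~ ^/\.user\.ini {
    deny all;
}
```

After `nginx -t` and a reload, a request for `/.user.ini` on the site should return 403.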

And that’s all. If you found the video helpful hit the like button and subscribe for more videos like this.

See you in the next one.
