WordPress is a widely-used content management system (CMS) that enables users to create and manage websites with ease. Combining it with Apache, MariaDB or MySQL, and PHP forms a robust LAMP stack ideal for hosting dynamic websites. Installing WordPress on Debian 12, 11, or 10 involves setting up these components to work seamlessly together, ensuring a reliable and scalable web hosting environment.
This guide will walk you through the process of installing WordPress with Apache, MariaDB or MySQL, and PHP on Debian 12, 11, or 10 using the command-line terminal. Additionally, it will cover tips for creating an SSL certificate with Let’s Encrypt to secure your site and address common WordPress issues such as HTTPS redirect loops, PHP session errors, and domain name redirect loops if you encounter them.
Install Apache – Part 1 of LAMP Stack Setup
Apache 2, a web server, represents the first essential component of the LAMP stack on Debian. Begin by installing Apache 2 with the following command:
sudo apt install apache2
Those interested in a newer Apache version can refer to our detailed guide on upgrading Apache in Debian.
After installation, confirm Apache’s successful installation by checking its version:
sudo apache2 -v
Expect a response like Server version: Apache/x.x.x (Debian). Additionally, verify Apache’s operational status using:
Server version: Apache/x.x.x (Debian)
To further confirm that the Apache server is operational, use the systemctl command:
systemctl status apache2
In case Apache isn’t active, ensure its automatic startup and immediate activation with:
sudo systemctl enable apache2 --now
To test Apache’s functionality, visit your server’s local IP address in a web browser, usually http://127.0.0.1 or http://localhost.
http://127.0.01
http://localhost
Should access issues arise, particularly with the UFW Firewall, enable HTTP traffic on port 80:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
This command adjusts firewall rules to allow web traffic through port 80.
Install MySQL or MariaDB – Part 2 of LAMP Stack Setup
Debian’s recent versions have shifted from MySQL to MariaDB. If MySQL is preferred, consult our guide on installing MySQL 8.0 on Debian. For MariaDB, especially newer versions like 10.5, 10.6, or 10.10, 11.4 follow our MariaDB installation guide using the official MariaDB.org APT Repository.
Installing MariaDB via APT
With MariaDB as Debian’s default, install it using:
sudo apt install mariadb-server mariadb-client
Post-installation, validate MariaDB’s installation:
mariadb --version
Check for a response similar to mariadb Ver 15.1 Distrib x.x.x-MariaDB:
mariadb Ver 15.1 Distrib x.x.x-MariaDB, for debian-linux-gnu (x86_64) using readline EditLine wrapper
Verify MariaDB’s status with:
systemctl status mariadb
If MariaDB isn’t running, start and enable it:
sudo systemctl enable mariadb --now
Navigating Essential MariaDB Service Commands
For individuals new to MariaDB, here’s a concise guide to some fundamental service commands essential for efficient LAMP stack management on a Debian server:
Stopping MariaDB:
sudo systemctl stop mariadb
Starting MariaDB:
sudo systemctl start mariadb
Enabling MariaDB to Auto-start with the System:
sudo systemctl enable mariadb
Disabling MariaDB from Auto-starting:
sudo systemctl disable mariadb
Restart the MariaDB Service:
sudo systemctl restart mariadb
Having these commands at hand simplifies the management of the MariaDB element in your Debian LAMP stack.
Securing MariaDB with the Provided Security Script
New MariaDB installations come with default configurations that may not be optimally secure, potentially exposing your system to unauthorized access or attacks. However, MariaDB includes a security script to strengthen these settings after installation.
Begin enhancing your MariaDB security by executing the mysql_secure_installation script with the following command:
sudo mysql_secure_installation
During the script execution, you will encounter prompts for various security measures:
- Set a password for the root accounts.
- Remove root accounts accessible from remote hosts.
- Eradicate anonymous user accounts.
- Discard the default test database that is accessible to anonymous users.
Typically, responding with (Y) is advisable for these prompts to implement the suggested security enhancements.
[joshua@debian ~]$ sudo mariadb-secure-installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Install PHP – Part 3 of LAMP Stack Setup
PHP acts as the intermediary between Apache and MariaDB. Debian distributions come with varying PHP versions. For specific versions or newer releases like PHP 8.x, see our PHP installation guide for Debian.
To install PHP with Apache, execute:
sudo apt install phpx.x libapache2-mod-phpx.x
For clarity, a concrete example with typical WordPress extension installs would be For Debian 12:
sudo apt install php libapache2-mod-php8.2 php8.2-cli php8.2-common php8.2-zip php8.2-curl php8.2-mysql
Note: Debian 12, 11 and 10 have different default versions, unless you install a custom version from our guide mentioned at the start. Just remember to subsitute the 8.2 to whatever version you are utilizing.
Verify your PHP version:
php -v
After installation, the module usually loads automatically. But, if manual loading is necessary, use this command: sudo a2enmod php{version}
.
sudo a2enmod php8.2
As seen above, the module is already loaded.
To complete the installation process, it is essential to restart the Apache server to integrate the PHP module:
sudo systemctl restart apache2
When switching between PHP versions, such as from 8.0 to 8.1, it’s crucial first to disable the currently active version. To disable PHP 8.0, use:
sudo a2dismod php8.0
Then, activate the new version, like PHP 8.2:
sudo a2enmod php8.2
Following this, restart the Apache server to apply the new PHP module:
sudo systemctl restart apache2
Install WordPress Backend
Downloading WordPress
First, you must download the latest version of WordPress, which is quickly done with the following permalink from WordPress:
wget https://wordpress.org/latest.tar.gz
Extract WordPress Directory
The downloaded file is a compressed tar.gz archive. Use the tar command to extract its contents. This step is vital as it unpacks all the necessary WordPress files needed for installation:
sudo tar -xzvf latest.tar.gz -C /var/www/html/
Setting Permissions and Ownership
It’s essential to set the correct permissions and ownership for the WordPress directory. This ensures the web server can correctly access and modify files for updates, plugin installations, and other operations.
Changing Ownership
The chown command changes the ownership of all files and directories within WordPress to the web server user, typically www-data. This step is critical for WordPress to function correctly on the server:
sudo chown -R www-data:www-data /var/www/html/wordpress/
Modifying Permissions:
Setting the right permissions is crucial for security and functionality. The chmod command sets directory permissions to 755 and file permissions to 644. This configuration allows WordPress to operate securely and efficiently:
sudo find /var/www/html/wordpress -type d -exec chmod 755 {} \;
sudo find /var/www/html/wordpress -type f -exec chmod 644 {} \;
Creating a Database for WordPress
WordPress uses a database to store all site data. This section guides you through creating a new database and user for WordPress using MariaDB, a popular database server.
Accessing the MariaDB Shell:
Log into MariaDB as the root user. This step allows you to create and manage databases and users:
sudo mariadb -u root
Alternatively, if you prefer MySQL:
sudo mysql -u root
Creating the WordPress Database:
Execute the SQL command to create a new database named WORDPRESSDB. Replace WORDPRESSDB with your desired database name. This database will hold all WordPress data:
CREATE DATABASE WORDPRESSDB;
Creating a Secure Database User:
For security, create a unique user for WordPress. This practice limits access and enhances security. Replace ‘WPUSER’ and ‘PASSWORD’ with your chosen username and password:
CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'PASSWORD';
Note: WPUSER and PASSWORD can be whatever you desire. Ensure any further commands reflect what you set at this point when dealing with the database side of installing WordPress with LAMP.
Granting Privileges:
Assign necessary privileges to the new user for managing the WordPress database. This step is crucial to ensure that WordPress can interact with its database:
GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'PASSWORD';
Applying Changes:
After setting up the user and privileges, flush the privileges to apply changes and exit the MariaDB shell:
FLUSH PRIVILEGES;
EXIT;
Configuring WordPress
Set up the WordPress configuration by editing the wp-config.php file. This involves specifying database details and other configurations.
Navigate to WordPress Directory:
Change to the WordPress installation directory:
cd /var/www/html/wordpress/
Configuring wp-config.php:
Rename the sample configuration file and edit it to include your database details:
sudo mv wp-config-sample.php wp-config.php
Using a text editor, bring up the newly renamed wp-config.php file. In our example, we will use nano.
sudo nano wp-config.php
Update the file with your database name, user, and password. You can also set the database charset and collation:
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WORDPRESSDB' );
/* MySQL database username */
define( 'DB_USER', 'WPUSER' );
/* MySQL database password */
define( 'DB_PASSWORD', 'YOUR PASSWORD' );
/* MySQL hostname, change the IP here if external DB set up */
define( 'DB_HOST', 'localhost' );
/* Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/* The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
Optionally, add configurations for direct file edits, memory limits, and table prefixes:
/* Save files direct method */
define( 'FS_METHOD', 'direct' );
/* Increase memory limit, 256MB is recommended */
define('WP_MEMORY_LIMIT', '256M');
/* change WordPress database table prefix if wanted */
$table_prefix = 'wp_';
Setting WordPress Security Keys
Generate unique authentication keys for WordPress. Visit the WordPress secret-key API and replace the placeholder lines in the wp-config.php file with your generated keys.
Configuring Apache for WordPress
Set up a virtual host for your WordPress site in Apache. This step is crucial for directing web traffic to your WordPress installation.
Creating the Virtual Host File:
Create a new configuration file for your WordPress site:
sudo nano /etc/apache2/sites-available/example.com.conf
Configure the file with your domain, document root, and necessary directives:
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/html/wordpress
<Directory "/var/www/html/wordpress">
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/wordpress.error.log
CustomLog ${APACHE_LOG_DIR}/wordpress.access.log combined
</VirtualHost>
Next, run a dry test of your virtual host using the following command.
sudo apache2ctl configtest
Example output:
Syntax OK
As mentioned above, the virtual host configuration has no errors, so you can now enable your virtual host.
sudo a2ensite example.com.conf
Lastly, restart your Apache service.
sudo systemctl restart apache2
Install WordPress Frontend
Accessing the Installation Address
To initiate the WordPress installation, navigate to your website’s domain. Use either of these URLs:
https://www.yoursite.com
https://www.yoursite.com/wp-admin/install.php
Upon accessing the site, you’ll encounter the language settings page. Here, you can select the preferred language for your WordPress installation.
Setting Up Admin Account
The next step involves creating your admin account. This is a crucial step as it sets up your username and password, which you’ll use for future logins. Remember, these credentials are changeable at any point.
Configuring Search Engine Visibility
For websites under construction, it’s advisable to prevent search engines from indexing your site. Select the option “strongly discourage search engines from indexing this site” during setup. This step ensures that search engines like Google and Bing do not index your work-in-progress (WIP) website. You can change this setting once your site is ready for public viewing.
Completion of WordPress Installation
Once these steps are completed and you log in, your WordPress site, powered by the LAMP Stack on Debian, is successfully installed and ready for customization and content creation.
Create a Let’s Encrypt SSL Free Certificate
For enhanced security on Debian, it is crucial to use Let’s Encrypt SSL certificates with your WordPress Apache installation. Let’s Encrypt is a free, automated certificate authority by the Internet Security Research Group (ISRG). It boosts your site’s credibility by enabling HTTPS, a protocol for secure communication over a computer network.
Installing Certbot for SSL Integration
The first step in securing your site with Let’s Encrypt is to install Certbot. Certbot is a software tool that automates obtaining and installing SSL certificates. Install Certbot using the following command:
sudo apt install python3-certbot-apache -y
Generating SSL Certificate
After installing Certbot, generate an SSL certificate with this command:
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com
Customize you@example.com and www.example.com with your email and domain. This step secures your site with HTTPS redirects, Strict-Transport-Security headers, and OCSP Stapling, ensuring enhanced security.
Automatic Renewal of SSL Certificate
Let’s Encrypt certificates are valid for 90 days. To automate renewal, set up a cron job. Edit the crontab file using:
sudo crontab -e
Add this line to schedule daily checks for renewal:
0 3 * * * /usr/bin/certbot renew --quiet
This command checks for renewal daily at 3 AM and renews the certificate quietly if needed.
Transitioning to HTTPS
After these configurations, your site will use HTTPS, redirecting all HTTP traffic to a secure HTTPS connection. This ensures data encryption between your server and users’ browsers.
Setting Up UFW Firewall for LAMP Stack
When using Apache with your LAMP Stack, it’s important to configure the Uncomplicated Firewall (UFW). UFW simplifies firewall management and is essential for controlling access to your server’s services.
Installing UFW
If UFW is not yet installed, add it with:
sudo apt install ufw -y
Enable UFW to start on system boot:
sudo ufw enable
Configuring Apache Profiles in UFW
Apache integrates with UFW and provides several profiles. To list these, use:
sudo ufw app list
The output shows profiles like ‘Apache’ (HTTP), ‘Apache Secure’ (HTTPS), and ‘Apache Full’ (both HTTP and HTTPS). Choose according to your setup.
Enabling UFW Profiles
For a basic setup without SSL, enable the Apache profile:
sudo ufw allow 'Apache'
For HTTPS traffic (after setting up SSL), enable ‘Apache Secure’:
sudo ufw allow 'Apache Secure'
To allow both HTTP and HTTPS, use:
sudo ufw allow 'Apache Full'
Troubleshoot Common WordPress Issues
Resolving PHP Session Errors
PHP session errors, often encountered when using specific WordPress plugins, are commonly due to incorrect permissions in the /var/lib/php/sessions/ directory.
Resolve this efficiently with the following command:
sudo chown -R www-data:www-data /var/lib/php/sessions/
This command changes the ownership of the sessions directory to the www-data user and group. By doing so, WordPress gains the necessary permissions to write session data, which is crucial for plugins handling automated tasks like social media integrations. Rectifying PHP session errors enhances your website’s performance and user experience.
Addressing HTTPS Redirect Loop in WordPress
An HTTPS redirect loop in WordPress, typically occurring after enabling HTTPS, can be fixed by editing the wp-config.php file. This loop happens when WordPress continually redirects to HTTPS, but the process never completes.
Modifying the wp-config.php File
To resolve this, insert these lines into your wp-config.php:
define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
$_SERVER['HTTPS'] = 'on';
}
Explanation of the code:
- The FORCE_SSL_ADMIN line ensures all admin pages utilize HTTPS.
- The subsequent code checks the HTTP_X_FORWARDED_PROTO header for ‘https’. When detected, it sets the HTTPS server variable to ‘on’, signaling a secure connection.
Implementing these changes should resolve the HTTPS redirect loop, ensuring the smooth operation of your WordPress site with its secure connection.
Fixing Domain Name Redirect Loop
Redirect loops in WordPress can arise from discrepancies between the domain name in the wp-config.php file and your site’s actual domain.
Verifying the wp-config.php File
Check and adjust the domain name in your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Ensure the domain name here matches your website’s actual domain. If the problem persists despite correct domain settings, the issue might stem from server configurations. In such cases, contacting your hosting provider for assistance is advisable.
Conclusion
By following this guide, you have successfully installed WordPress with Apache, MariaDB or MySQL, and PHP on Debian 12, 11, or 10. Your WordPress site is now set up within a robust LAMP stack, ensuring optimal performance and reliability. Additionally, you have secured your site with an SSL certificate from Let’s Encrypt, enhancing your site’s security and trustworthiness.
As you continue to manage your WordPress site, be vigilant about addressing common issues such as HTTPS redirect loops, PHP session errors, and domain name redirect loops. Regularly updating your software components and WordPress plugins is crucial to maintaining security and performance. For any ongoing maintenance or troubleshooting, refer back to this guide or consult additional resources to keep your site running smoothly and securely.
Hi Joshua
I followed your instructions and achieved success. Yours is the only set of instructions I have tried that has worked. You have done a lovely piece of work with this.
regards
Neal Clements