IntroductionVultr's One-Click WordPress application provides everything you need to launch your cloud website hosting with minimal effort. Simply select a server location, choose your size, and click Deploy Now. Your cloud web hosting will deploy in about a minute, and then you are ready to set up WordPress.
WooCommerce SupportedYou can install WooCommerce yourself, or use our One-Click WooCommerce app. WooCommerce users should follow the same steps in this guide.
1. Install SSL CertificateThis step is optional but recommended. For better security and convenience, register a domain name and install an SSL certificate. If you plan to use a commercial SSL certificate, see the Commercial SSL section.
If you skip this step:
- Substitute the server IP address for www.example.com.
- You will encounter a certificate security warning.
- Proceed past the warning to complete setup. See our instructions to bypass the HTTPS warning for self-signed SSL/TLS certificates.
To install a free Let's Encrypt SSL certificate:- Register a domain name and create a DNS record for the server's IP address. Consult your DNS provider for instructions, or see our guide if using Vultr's DNS.
- Verify that DNS has finished propagation, and the name is visible throughout the internet before proceeding. Propagation usually happens quickly but could take up to 48 hours in some cases.
- Connect to your server console or via SSH. Use the root login from the Server Information screen.
- Install the SSL certificate with certbot. Replace the domain name and email with your values. Notice there are two domain names listed:
- example.com is the domain root. This is sometimes called the apex domain or the bare domain.
- www.example.com is the fully-qualified domain name (FQDN).
It's common for websites to respond to both the FQDN and the domain root. For example, the command below creates a multi-domain certificate for both.
Quote# certbot --nginx --redirect -d www.example.com -d example.com -m admin@example.com --agree-tos --no-eff-email
Certbot should report success when finished.
If you skip this step now and install HTTPS later, you may need one of the popular WordPress plugins to force all content to HTTPS, which fixes any unencrypted links WordPress stored previously.
Certbot is installed by default on Vultr's One-Click WordPress. If you need to update or reinstall, please see the recommended installation steps at eff.org.
2. Log in to WordPress Admin AreaLog in to the admin area:
Quotehttps://www.example.com/wp-admin/
Substitute your domain, or use the IP address if you didn't register a domain name. If you do not install an SSL certificate, you'll receive a privacy warning for the server's self-signed certificate. It is safe to proceed. See our instructions to bypass the HTTPS warning for self-signed SSL/TLS certificates.
It's also possible, but insecure, to complete this step using the HTTP URL:
Quotehttp://192.0.2.123/wp-admin/
Enter the security user credentials in the Sign in pop-up. This extra security protects your server while you install WordPress. After your installation is complete, you can disable this pop-up by following these directions.
https://pix.cobrasoft.org/images/2022/12/30/Server-Login.webp
3. Run the WordPress WizardSelect your language and click Continue.
https://pix.cobrasoft.org/images/2022/12/30/Select-Language.webp
Enter your site title, username, and email address. Make a note of the suggested password, or enter your preferred password. Click Install WordPress.
https://pix.cobrasoft.org/images/2022/12/30/WordPress-Install-Step-2.webp
Wait for WordPress to finish the installation, then log in to your WordPress dashboard.
4. Set the Domain NameSet your domain name in the WordPress dashboard.
- Navigate to Settings > General.
- Edit the WordPress Address (URL) and Site Address (URL) to match your domain name.
- Click the Save Changes button.
https://pix.cobrasoft.org/images/2022/12/30/Change-Hostname.webp
[/list]
WordPress stores complete URLs in the database. If you create content before changing the site URL, some pages may have incorrect links. If you have this problem, make a backup, then consider using a database search-and-replace plugin.
More InformationSMTP MailerReliable mail delivery is a common issue with WordPress sites. The One-Click WordPress server has the SMTP Mailer plugin preinstalled, which authenticates with your SMTP server to send mail. You can activate the plugin in your dashboard under Plugins > Installed Plugins.
Once activated, look for the settings link under the plugin name. Configure the plugin to enable outbound email.
Wordfence SecurityWordfence is an endpoint firewall and malware scanner to protect WordPress. We recommend activating the preinstalled Wordfence plugin for additional security logging and scanning.
Cockpit Control PanelAccess your Cockpit control panel at port 9080. For example:
Quotehttps://www.example.com:9080
You'll find the username and password on your Server Information page. If you use the Vultr Firewall, make sure to allow access to port 9080.
Cockpit Let's Encrypt SSL certificateConfigure Cockpit for SSL with these steps.
- Edit /etc/nginx/conf.d/cockpit.conf
Quote# nano /etc/nginx/conf.d/cockpit.conf
Quoteserver_name _;
- Replace the underscore with your server's domain name. The top of the file should now look like this.
Quoteserver {
listen 9080 ssl;
server_name www.example.com;
- Save and exit the file.
- Edit /etc/cockpit/cockpit.conf
Quote# nano /etc/cockpit/cockpit.conf
- Replace both instances of the server's IP address with the server's domain name.
Quote[WebService]
Origins = https://www.example.com:9080 wss://www.example.com:9080
ProtocolHeader = X-Forwarded-Proto
- Save and exit the file.
- Run certbot, following the instructions in the article Install Let's Encrypt SSL on One-Click WordPress App. For example:
Quote# certbot --nginx --redirect -d www.example.com -d example.com -m admin@example.com
[/list]
Certbot will detect the files you updated and automatically install the certificate for Cockpit.
Disable CockpitIf you need to disable Cockpit, SSH to the server as root and run the following command:
Quote# systemctl disable --now cockpit.socket
Maldet Security ScanBy default, Maldet is disabled. However, activating Maldet is highly recommended to remove malware from your WordPress site. SSH to the server as root to enable or disable this feature.
Enable MaldetQuote# systemctl enable --now maldet
PHPMyAdmin Database ManagerAccess your PHPMyAdmin installation at https://www.example.com/mysqladmin/.
You'll find the username and password on your Server Information page.
SQL Database AccessWordPress uses the MySQL database server. For direct access, SSH to the server as root.
Connect to MySQLQuote# mysql -u root
The MySQL root password is located in /root/.my.cnf.
XHProf Performance AnalysisAccess your XHProf installation at https://www.example.com/xhprof/xhprof_html/.
You'll find the username and password on your Server Information page.
Vultr Helper ScriptsVultr provides helper scripts for common issues. SSH to the server as root to run these scripts.
Reset WordPress PasswordIf you need to reset your WordPress admin password, the reset-wp-pass.sh script generates a new strong password and updates WordPress for you.
Quote# /opt/vultr/reset-wp-pass.sh
The new password for the account 'AmazingAdmin' is: [redacted password]
Reset NginxIf Nginx fails to load, you may have a typo or corruption in your configuration files. The fix-vhost.sh script will reset the Nginx configuration to default.
Quote# /opt/vultr/fix-vhost.sh
All vhosts have been restored to their default state!
Check Software VersionsFor debugging purposes, our support team may ask for your WordPress and Ubuntu versions. Run the version.sh script.
Quote# /opt/vultr/version.sh
OS: '18.04.4 LTS (Bionic Beaver)'
WordPress: '5.3.2'
Commercial SSLYou can use a Commercial SSL certificate instead of the free Let's Encrypt certificate.
How to install a commercial SSL certificate- Obtain a certificate from a certificate authority for your domain.
- Replace the server.crt and server.key files in /etc/nginx/ssl/ with the commercial certificate. Refer to your certificate vendor's documentation for details.
- Reboot the server.
Quote# reboot
[/list]
Certbot considerationsCertbot makes changes to the Nginx configuration. If you used certbot to obtain a Let's Encrypt certificate, return the Nginx configuration files to default before proceeding.
- Back up your existing Nginx configuration files
Quote# cp -r /etc/nginx/ /root/nginx
- Revoke your certbot certificate.
Quote# certbot delete
- Restore the default Nginx configuration.
Quote# /opt/vultr/fix-vhost.sh
[/list]
How to Disable HTTPSHow to Disable HTTPS
- SSH to the server as root.
- Move wordpress_https.conf out of the Nginx configuration folder and reboot the server.
Quote# mv /etc/nginx/conf.d/wordpress_https.conf /root/
# reboot
[/list]
Files and Folders of Interest
- phi.ini: /etc/php/7.4/fpm/php.ini
- MySQL logs: /var/log/mysqld*.log
- Virtual host conf: /etc/nginx/conf.d/
- Virtual host SSL: /etc/nginx/ssl
- WordPress web root: /var/www/html/
- WordPress uploads: /var/www/html/wp-content/uploads
- wp-cli: /usr/local/bin/wp
Remove wp-admin SecurityThis script has been removed and is no longer needed for One-Click WordPress deployments after June 2021.
One-Click WordPress has an extra security prompt for the /wp-admin/ page. To remove this feature, run the remove-htaccess.sh script.
Quote# /opt/vultr/remove-htaccess.sh
All basic authentication has been removed!
You will no longer see the extra security pop-up when logging into the WordPress dashboard after running this script.
About One-Click AppsOne-Click apps are updated regularly without notice. When launching a One-Click app, you'll receive our latest version. We do not update deployed instances, and you are responsible for keeping the instance up-to-date. If you design an infrastructure based on One-Click apps and need to ensure the same app version in the future, take a snapshot of the initial deployment and create new instances from the snapshot.