How to Install WordPress with LAMP on Debian 12, 11 or 10

In this guide, you will learn how to install WordPress with LAMP on Debian 12, 11, or 10. WordPress, a leading content management system, paired with the LAMP stack, offers a robust platform for creating dynamic websites. This setup is ideal for those looking to harness the power of Linux, Apache, MySQL, and PHP in one seamless integration. We will walk you through each step, ensuring a smooth and efficient installation process.

Key Features of WordPress with LAMP on Debian:

• Optimized Performance: Experience enhanced speed and reliability with the combination of WordPress and LAMP on Debian.
• Flexibility and Control: Gain full control over your website’s functionality and appearance.
• Scalability: Easily scale your website as your needs grow, thanks to the versatile nature of this setup.
• Security: Benefit from the inherent security features of Linux and Apache.
• Cost-Effective: Leverage the power of open-source technologies to build a high-quality website without the high costs.

Whether you’re setting up a blog, a business website, or a personal portfolio, the WordPress and LAMP stack on Debian provides a stable and efficient foundation. Let’s dive into the details and get your website up and running.

Install LAMP on Debian 12, 11, or 10 via APT

Step 1: Install Apache – Part 1 of LAMP Stack Setup

Setting Up Apache 2

Apache 2, a web server, represents the first essential component of the LAMP stack on Debian. Begin by installing Apache 2 with the following command:

sudo apt install apache2

For those interested in a newer Apache version, refer to our detailed guide on upgrading Apache in Debian.

After installation, confirm Apache’s successful installation by checking its version:

sudo apache2 -v

Expect a response like Server version: Apache/x.x.x (Debian). Additionally, verify Apache’s operational status using:

Server version: Apache/x.x.x (Debian)

To further confirm that the Apache server is operational, use the systemctl command:

systemctl status apache2

In case Apache isn’t active, ensure its automatic startup and immediate activation with:

sudo systemctl enable apache2 --now

To test Apache’s functionality, visit your server’s local IP address in a web browser, usually http://127.0.0.1 or http://localhost.

http://127.0.01
http://localhost

Should access issues arise, particularly with UFW Firewall, enable HTTP traffic on port 80:

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

This command adjusts firewall rules to allow web traffic through port 80.

Step 2: Install MySQL or MariaDB – Part 2 of LAMP Stack Setup

Transitioning to MariaDB in Debian

Debian’s recent versions have shifted from MySQL to MariaDB. If MySQL is preferred, consult our guide on installing MySQL 8.0 on Debian. For MariaDB, especially newer versions like 10.5, 10.6, or 10.10, follow our MariaDB installation guide using the official MariaDB.org APT Repository.

Installing MariaDB via APT

With MariaDB as Debian’s default, install it using:

sudo apt install mariadb-server mariadb-client

Post-installation, validate MariaDB’s installation:

mariadb --version

Check for a response similar to mariadb Ver 15.1 Distrib x.x.x-MariaDB:

mariadb  Ver 15.1 Distrib x.x.x-MariaDB, for debian-linux-gnu (x86_64) using readline EditLine wrapper

Verify MariaDB’s status with:

systemctl status mariadb

If MariaDB isn’t running, start and enable it:

sudo systemctl enable mariadb --now

Navigating Essential MariaDB Service Commands

For individuals new to MariaDB, here’s a concise guide to some fundamental service commands essential for efficient LAMP stack management on a Debian server:

Stopping MariaDB:

sudo systemctl stop mariadb

Starting MariaDB:

sudo systemctl start mariadb

Enabling MariaDB to Auto-start with the System:

sudo systemctl enable mariadb

Disabling MariaDB from Auto-starting:

sudo systemctl disable mariadb

Restart the MariaDB Service:

sudo systemctl restart mariadb

Having these commands at hand simplifies the management of the MariaDB element in your Debian LAMP stack.

Securing MariaDB with the Provided Security Script

New MariaDB installations come with default configurations that may not be optimally secure, potentially exposing your system to unauthorized access or attacks. However, MariaDB includes a security script designed to strengthen these settings after installation.

Begin enhancing your MariaDB security by executing the mysql_secure_installation script with the following command:

sudo mysql_secure_installation

During the script execution, you will encounter prompts for various security measures:

• Set a password for the root accounts.
• Remove root accounts accessible from remote hosts.
• Eradicate anonymous user accounts.
• Discard the default test database accessible to anonymous users.

Typically, responding with (Y) is advisable for these prompts to implement the suggested security enhancements.

[joshua@debian ~]$ sudo mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Step 3: Install PHP – Part 3 of LAMP Stack Setup

PHP acts as the intermediary between Apache and MariaDB. Debian distributions come with varying PHP versions. For specific versions or newer releases like PHP 8.x, see our PHP installation guide for Debian.

To install PHP with Apache, execute:

sudo apt install phpx.x libapache2-mod-phpx.x

For clarity, a concrete example with common WordPress extension installs would be For Debian 12:

sudo apt install php libapache2-mod-php8.2 php8.2-cli php8.2-common php8.2-zip php8.2-curl php8.2-mysql

Debian 12, 11 and 10 have different default versions, unless you install a custom version from our guide mentioned at the start. Just remember to subsitute the 8.2 to whatever version you are utilizing.

Verify your PHP version:

php -v

After installation, the module usually loads automatically. But, if manual loading is necessary, use this command: sudo a2enmod php{version}.

sudo a2enmod php8.2

As seen above, the module is already loaded.

To complete the installation process, it is essential to restart the Apache server to integrate the PHP module:

sudo systemctl restart apache2

When switching between PHP versions, such as from 8.0 to 8.1, it’s important to first disable the currently active version. To disable PHP 8.0, use:

sudo a2dismod php8.0

Then, activate the new version, like PHP 8.2:

sudo a2enmod php8.2

Following this, restart the Apache server to apply the new PHP module:

sudo systemctl restart apache2

Install WordPress Backend with LAMP on Debian 12, 11, or 10

Step 1: Downloading WordPress on Debian

First, you must download the latest version of WordPress, which is easily done with the following permalink from WordPress:

wget https://wordpress.org/latest.tar.gz

Step 2: Extract WordPress Directory

The downloaded file is a compressed tar.gz archive. Use the tar command to extract its contents. This step is vital as it unpacks all the necessary WordPress files needed for installation:

sudo tar -xzvf latest.tar.gz -C /var/www/html/

Step 3: Setting Permissions and Ownership

It’s essential to set the correct permissions and ownership for the WordPress directory. This ensures that the web server can correctly access and modify files for updates, plugin installations, and other operations.

Changing Ownership

The chown command changes the ownership of all files and directories within WordPress to the web server user, typically www-data. This step is critical for WordPress to function correctly on the server:

sudo chown -R www-data:www-data /var/www/html/wordpress/

Modifying Permissions:

Setting the right permissions is crucial for security and functionality. The chmod command is used to set directory permissions to 755 and file permissions to 644. This configuration allows WordPress to operate securely and efficiently:

sudo find /var/www/html/wordpress -type d -exec chmod 755 {} \;
sudo find /var/www/html/wordpress -type f -exec chmod 644 {} \;

Step 4: Creating a Database for WordPress

WordPress uses a database to store all site data. This section guides you through creating a new database and user for WordPress using MariaDB, a popular database server.

Accessing the MariaDB Shell:

Log into MariaDB as the root user. This step allows you to create and manage databases and users:

sudo mariadb -u root

Alternatively, if you prefer MySQL:

sudo mysql -u root

Creating the WordPress Database:

Execute the SQL command to create a new database named WORDPRESSDB. Replace WORDPRESSDB with your desired database name. This database will hold all WordPress data:

CREATE DATABASE WORDPRESSDB;

Creating a Secure Database User:

For security, create a unique user for WordPress. This practice limits access and enhances security. Replace ‘WPUSER’ and ‘PASSWORD’ with your chosen username and password:

CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'PASSWORD';

WPUSER and PASSWORD can be whatever you desire. Ensure any further commands reflect what you set at this point when dealing with the database side of installing WordPress with LAMP.

Granting Privileges:

Assign necessary privileges to the new user for managing the WordPress database. This step is crucial to ensure that WordPress can interact with its database:

GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'PASSWORD';

Applying Changes:

After setting up the user and privileges, flush the privileges to apply changes and exit the MariaDB shell:

FLUSH PRIVILEGES;
EXIT;

Step 5: Configuring WordPress

Set up the WordPress configuration by editing the wp-config.php file. This involves specifying database details and other configurations.

Navigate to WordPress Directory:

Change to the WordPress installation directory:

cd /var/www/html/wordpress/

Configuring wp-config.php:

Rename the sample configuration file and edit it to include your database details:

sudo mv wp-config-sample.php wp-config.php

Using a text editor, bring up the newly renamed wp-config.php file. In our example, we will use nano.

sudo nano wp-config.php

Update the file with your database name, user, and password. You can also set the database charset and collation:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */ 
define( 'DB_NAME', 'WORDPRESSDB' );

/* MySQL database username */ 
define( 'DB_USER', 'WPUSER' );

/* MySQL database password */
define( 'DB_PASSWORD', 'YOUR PASSWORD' );

/* MySQL hostname, change the IP here if external DB set up */ 
define( 'DB_HOST', 'localhost' );

/* Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/* The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

Optionally, add configurations for direct file edits, memory limits, and table prefixes:

/* Save files direct method */
 define( 'FS_METHOD', 'direct' );

/* Increase memory limit, 256MB is recommended */
 define('WP_MEMORY_LIMIT', '256M');

/* change WordPress database table prefix if wanted */
 $table_prefix = 'wp_';

Step 6: Setting WordPress Security Keys

Generate unique authentication keys for WordPress. Visit the WordPress secret-key API and replace the placeholder lines in the wp-config.php file with your generated keys.

Step 7: Configuring Apache for WordPress

Set up a virtual host for your WordPress site in Apache. This step is crucial for directing web traffic to your WordPress installation.

Creating the Virtual Host File:

Create a new configuration file for your WordPress site:

sudo nano /etc/apache2/sites-available/example.com.conf

Configure the file with your domain, document root, and necessary directives:

<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /var/www/html/wordpress
    <Directory "/var/www/html/wordpress">
        AllowOverride All
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/wordpress.error.log
    CustomLog ${APACHE_LOG_DIR}/wordpress.access.log combined
</VirtualHost>

Next, run a dry test of your virtual host using the following command.

sudo apache2ctl configtest

Example output:

Syntax OK

As above, the virtual host configuration has no errors, so you can now enable your virtual host.

sudo a2ensite example.com.conf

Lastly, restart your Apache service.

sudo systemctl restart apache2

Install WordPress Frontend on Debian 12, 11 or 10 with LAMP

Accessing the Installation Address

To initiate the WordPress installation, navigate to your website’s domain. Use either of these URLs:

• https://www.yoursite.com
• https://www.yoursite.com/wp-admin/install.php

Upon accessing the site, you’ll encounter the language settings page. Select the preferred language for your WordPress installation.

Setting Up Admin Account

The next step involves creating your admin account. This is a crucial step as it sets up your username and password, which you’ll use for future logins. Remember, these credentials are changeable at any point.

Configuring Search Engine Visibility

For websites under construction, it’s advisable to prevent search engines from indexing your site. Select the option “strongly discourage search engines from indexing this site” during setup. This step ensures that search engines like Google and Bing do not index your work-in-progress (WIP) website. You can change this setting once your site is ready for public viewing.

Completion of WordPress Installation

Once these steps are completed and you login, your WordPress site, powered by the LAMP Stack on Debian, is successfully installed and ready for customization and content creation.

Create a Let’s Encrypt SSL Free Certificate on Debian 12, 11 or 10

Introduction to Let’s Encrypt SSL

For enhanced security on Debian, using Let’s Encrypt SSL certificates with your WordPress Apache installation is crucial. Let’s Encrypt is a free, automated certificate authority by the Internet Security Research Group (ISRG). It boosts your site’s credibility by enabling HTTPS, a protocol essential for secure communication over a computer network.

Installing Certbot for SSL Integration

The first step in securing your site with Let’s Encrypt is to install Certbot. Certbot is a software tool that automates the process of obtaining and installing SSL certificates. Install Certbot using the following command:

sudo apt install python3-certbot-apache -y

Generating SSL Certificate

After installing Certbot, generate an SSL certificate with this command:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

Customize you@example.com and www.example.com with your email and domain. This step secures your site with HTTPS redirects, Strict-Transport-Security headers, and OCSP Stapling, ensuring enhanced security.

Automatic Renewal of SSL Certificate

Let’s Encrypt certificates are valid for 90 days. To automate renewal, set up a cron job. Edit the crontab file using:

sudo crontab -e

Add this line to schedule daily checks for renewal:

0 3 * * * /usr/bin/certbot renew --quiet

This command checks for renewal daily at 3 AM and renews the certificate quietly if needed.

Transitioning to HTTPS

After these configurations, your site will use HTTPS, redirecting all HTTP traffic to a secure HTTPS connection. This ensures data encryption between your server and users’ browsers.

Setting Up UFW Firewall for LAMP Stack on Debian 12, 11 or 10

Introduction to UFW Firewall

When using Apache with your LAMP Stack, it’s important to configure the Uncomplicated Firewall (UFW). UFW simplifies firewall management and is essential for controlling access to your server’s services.

Installing UFW

If UFW is not yet installed, add it with:

sudo apt install ufw -y

Enable UFW to start on system boot:

sudo ufw enable

Configuring Apache Profiles in UFW

Apache integrates with UFW and provides several profiles. To list these, use:

sudo ufw app list

The output shows profiles like ‘Apache’ (HTTP), ‘Apache Secure’ (HTTPS), and ‘Apache Full’ (both HTTP and HTTPS). Choose according to your setup.

Enabling UFW Profiles

For a basic setup without SSL, enable the Apache profile:

sudo ufw allow 'Apache'

For HTTPS traffic (after setting up SSL), enable ‘Apache Secure’:

sudo ufw allow 'Apache Secure'

To allow both HTTP and HTTPS, use:

sudo ufw allow 'Apache Full'

Troubleshoot Common WordPress Issues

Resolving PHP Session Errors

PHP session errors, often encountered when using specific WordPress plugins, are commonly due to incorrect permissions in the /var/lib/php/sessions/ directory.

Resolve this efficiently with the following command:

sudo chown -R www-data:www-data /var/lib/php/sessions/

This command changes the ownership of the sessions directory to the www-data user and group. By doing so, WordPress gains the necessary permissions to write session data, crucial for plugins handling automated tasks like social media integrations. Rectifying PHP session errors enhances your website’s performance and user experience.

Addressing HTTPS Redirect Loop in WordPress

An HTTPS redirect loop in WordPress, typically occurring after enabling HTTPS, can be fixed by editing the wp-config.php file. This loop happens when WordPress continually redirects to HTTPS, but the process never completes.

Modifying the wp-config.php File

To resolve this, insert these lines into your wp-config.php:

define('FORCE_SSL_ADMIN', true);

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}

Explanation of the code:

• The FORCE_SSL_ADMIN line ensures all admin pages utilize HTTPS.
• The subsequent code checks the HTTP_X_FORWARDED_PROTO header for ‘https’. When detected, it sets the HTTPS server variable to ‘on’, signaling a secure connection.

Implementing these changes should resolve the HTTPS redirect loop, ensuring the smooth operation of your WordPress site with its secure connection.

Fixing Domain Name Redirect Loop

Redirect loops in WordPress can arise from discrepancies between the domain name in the wp-config.php file and your site’s actual domain.

Verifying the wp-config.php File

Check and adjust the domain name in your wp-config.php:

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');

Ensure the domain name here matches your website’s actual domain. If the problem persists despite correct domain settings, the issue might stem from server configurations. In such cases, contacting your hosting provider for assistance is advisable.

Conclusion

In this guide, we navigated the ins and outs of installing WordPress with a LAMP stack on Debian, offering a solid foundation for anyone looking to establish a robust and secure web presence. Along the way, we addressed common challenges such as PHP session errors and HTTPS redirect loops, ensuring your site not only runs smoothly but also maintains the highest security standards. As a final note, remember to regularly update your WordPress and server components to keep your site running optimally. Embrace this journey with confidence, knowing you’ve got the tools and knowledge to create a standout WordPress site on Debian.