How to Install WordPress with LEMP Stack on Rocky Linux 8

WordPress is the most dominant content management system written in PHP, combined with MySQL or MariaDB database. You can create and maintain a site without prior knowledge in web development or coding. The first version of WordPress was created in 2003 by Matt Mullenweg and Mike Little and is now used by 70% of the known web market, according to W3Tech. WordPress comes in two versions: the free open source and, a paid service that starts at $5 per month up to $59. Using this content management system is easy and often seen as a stepping stone for making a blog or similar featured site.

In the following tutorial, you will learn how to install self-hosted WordPress using the latest Nginx, MariaDB, and PHP versions available.

Update Rocky Linux System

Update your Rocky Linux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

Install CURL & UNZIP Package

The tutorial uses the curl and unzip command during certain parts, run the following command to make sure they are installed.

sudo dnf install curl unzip -y

Install Nginx – (LEMP Stack)

Optional. Change Nginx Version Stream to EPEL

To kickstart the LEMP stack installation, you will need to install the Nginx web server. The tutorial would show the optional choice of which Nginx stream to install, which is handy if you installed the EPEL repository.

First, list the Nginx profiles available using the dnf module list command in your terminal:

sudo dnf module list nginx

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Since the tutorial focuses on using the EPEL release, the Nginx mainline will be selected. But first, you need to reset the Nginx modules to change.

sudo dnf module reset nginx

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with resetting the module list.

Next, enable the Nginx module you prefer. For the tutorial, EPEL will be chosen, and if you want to use Nginx mainline, you will enter “nginx:mainline,” if you prefer the stable version, then it would be “nginx.1:20”.

To install EPEL mainline:

sudo dnf module enable nginx:mainline

To install EPEL stable:

sudo dnf module enable nginx:1.20

Install Nginx

Now it is time to install Nginx as part of the LEMP installation. Whether you have installed EPEL and using an Nginx build based on that repository or use the default Rocky Linux 8 App stream, the commands will be the same; just some of the outputs that are example only will differ.

To install Nginx, use the following command in your terminal:

sudo dnf install nginx

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with the installation.

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.14.1

By default, it is not enabled when installing Nginx on Rocky Linux. To enable on boot and to start, use the following:

sudo systemctl enable nginx --now

Example of successfully enabling (symlink):

Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/nginx.service.

Now, check to see the status of your Nginx service with the following terminal command:

systemctl status nginx

Example output saying everything is ok:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Now, you can confirm that your Nginx webserver is operational by entering HTTP://server-ip or HTTP://domain-name in your Internet Browser, and you should get the following:

How to Install phpBB with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

If you cannot access this page, you may need to configure the firewall settings covered in the next section.

Configure Nginx FirewallD Rules

When installing Nginx, it does not automatically add firewall rules to the standard port 80 or 443 ports. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Install MariaDB (LEMP STACK)

Optional. Change to MariaDB 10.5

Rocky Linux App stream by default installs MariaDB 10.3, an older but incredibly stable version. However, the latest build of MariaDB at the time of this tutorial that is classed as a stable release is MariaDB 10.7, with MariaDB 10.8 being the RC candidate.

As you can imagine, the difference is pretty significant; however, as most users of Rocky Linux prefer using stability over cutting edge, a solution will be to use MariaDB 10.5 that is newer while at the same time being incredibly stable and still receiving bug fixes and security updates.

First, reset the MariaDB module list:

sudo dnf module reset mariadb

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with the module reset.

Next, enable MariaDB 10.5 to be the primary source when installing MariaDB.

sudo dnf module enable mariadb:10.5

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with the module switch to MariaDB 10.5.

Install MariaDB

Now, it is time to install MariaDB; depending on what version you choose, the outputs may differ, but the commands will be precisely the same.

sudo dnf install mariadb-server mariadb

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with the installation.

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mysql --version

Example output:

mysql  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using  EditLine wrapper

Check MariaDB server status

Now you have installed MariaDB, and you can verify the status of the database software by using the following systemctl command:

systemctl status mariadb

By default, you will find MariaDB status to be off. To start MariaDB, use the following command:

sudo systemctl enable mariadb --now

Now recheck the status, and you should get the following:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

To stop MariaDB:

sudo systemctl stop mariadb

To enable MariaDB on system startup:

sudo systemctl enable mariadb

To disable MariaDB on system startup:

sudo systemctl disable mariadb

To restart the MariaDB service:

sudo systemctl restart mariadb

Secure MariaDB with Security Script

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script that comes with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mysql_secure_installation

Next, you will be given a prompt asking you to enter your (MariaDB root password). For now, press the (ENTER) key as the root password isn’t’ set yet as below:

Next, type (Y) and press enter to set up the (root) password as below:

The next series of questions you can safely hit (ENTER), which will answer (Y) to all the subsequent questions which ask you to (remove anonymous users, disable remote root login, and remove the test database). Note the (Y) is capitalized, meaning it is the default answer when you press the (ENTER) key.

Example below:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Overview of what should have been done above:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

This step is essential for MariaDB database security and should not be altered or skipped unless you know what you are doing.


Optional. Import PHP 8.0 Repository

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the Rhel family for those unaware.

For the tutorial, we will install the newest PHP 8.0. However, it must be noted while WordPress works well with PHP 8.0 and higher, some of the plugins may face issues, so make sure you are only installing active and updated plugins which should be the standard in any CMS. If you encounter problems, uninstall PHP 8.0, and use PHP 7.4.

To install PHP from Remi’s repository, you will need to have installed the EPEL repository at the start of the tutorial. By default, PHP 7.2 is the default PHP choice for standard installation on Rocky Linux. A quick tip is to use the (list php) command to see the options available and the default.

enable (Remi repository) with the following:

sudo dnf install dnf-utils

Again as example output, type (Y) and enter to proceed:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Next, use the (dnf) command to update your repository list:

sudo dnf update

Now list the modules available for PHP using the following command:

sudo dnf module list php

You will get the following output as below. Note the (d) tag for default PHP to be installed:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

As you can see above, the (d) tag is next to PHP 7.2, which you will need to reset and change to install PHP 8.0 on Rocky Linux.

To reset the PHP list is easy with the following command:

sudo dnf module list reset php

Next, enable PHP 8.0 with the following command:

sudo dnf module enable php:remi-8.0 

Note, you can enable PHP-7.4 by following the dnf module reset command and using the dnf module enable php:remi-7.4 command instead. Choose the version you require for the application, and this was just an example of having the latest PHP version of whatever PHP choice you decide.

Install PHP & PHP-FPM

Next, install PHP on your server; depending on which version of PHP, the outputs will look different; however, the commands stay the same.

sudo dnf install php

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Type “Y,” then press “ENTER KEY” to proceed with the installation. Note you may be prompted to type “Y.”

Verify the installation and check the version and build:

php -v

Example output:

PHP 8.0.11 (cli) (built: Sep 21 2021 17:07:44) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.11, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.11, Copyright (c), by Zend Technologies

Now, by default, PHP-FPM is off and not enabled on boot. To enable on boot and start the service, use the following systemctl commands:

sudo systemctl enable php-fpm --now

To confirm PHP-FPM is now running, use the following systemctl command:

Example output:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Remember, you do not need to use PHP 8.0, do some research if unsure, or better yet, ask in WordPress community forums, which works best currently; however, the process is the same along with commands to either use the default or other alternative versions in the dnf module list.

Now that LEMP is set up, proceed to the actual WordPress installation.

Install WordPress Backend

Download WordPress

Visit the download page and scroll down to find thelatest.zipdownload link. If you are hosting off a desktop, you can manually download this or use the wget command to download your desktop.


Create Folder Structure for WordPress

Now you have the archive downloaded, proceed to unzip it and move it to your www directory.

Create the directory for WordPress:

sudo mkdir -p /var/www/html/wordpress

Unzip WordPress to the www directory:

sudo unzip -d /var/www/html/

You must set the directory owner permissions to WWW, or else you will have trouble with WordPress write permissions.

Set chown permission (important):

sudo chown -R www-data:www-data /var/www/html/wordpress/

Set chmod permission (important):

sudo find /var/www/html/wordpress -type d -exec chmod 755 {} \;
sudo find /var/www/html/wordpress -type f -exec chmod 644 {} \;

Create Database for WordPress

WordPress requires a database to run hence why you had to install MariaDB. Before continuing further, you need to create a database for WordPress using MariaDB. First, bring up the terminal console and type the following.

Bring up MariaDB shell as root:

sudo mariadb -u root

Second alternative command:

sudo mysql -u root

Next, create the database. This can be any name you want. For the guide, you will name it “WORDPRESSDB.”

Create WordPress database:


After the database has been created, you should create a new WordPress site user.

This is done as a security measure, so every database has a different user. If one username is compromised, the attacker doesn’t access all the other website’s databases.

Create the WordPress database user:


Replace WPUSER and PASSWORD with whatever username or password you desire. Do not copy and paste the default user/pass above for security purposes.

Now assign the newly created user access to the WordPress website database only below.

Assign database to the created WordPress user account:


With all database configuration settings complete, you need to flush the privileges to take effect and exit.

Flush Privileges to make changes live:


Exit MariaDB:


Configure WordPress Configuration Files

You need to set some settings in the wp-config-sample.php file. Below, you will see how to rename the sample file and enter the required information.

First, rename the configuration file.

Go to the WordPress directory:

cd /var/www/html/wordpress/

Rename configuration file:

sudo mv wp-config-sample.php wp-config.php

Using a text editor, bring up the newly renamed wp-config.php file. In our example, we will use nano.

sudo nano wp-config.php

Next, you will enter the database name, user account with a password, host IP address if different than localhost.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */ 
define( 'DB_NAME', 'wordpressdb' );
/* MySQL database username */ 
define( 'DB_USER', 'wpuser1' );
/* MySQL database password */
/* MySQL hostname, change the IP here if external DB set up */ 
define( 'DB_HOST', 'localhost' );
/* Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/* The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

While you are in this file, adding extra settings will make your WordPress easier to manage, such as direct file saving instead of using FTP and increased memory size limits.

##Save files direct method##
 define( 'FS_METHOD', 'direct' );

##Increase memory limit, 256MB is recommended##
 define('WP_MEMORY_LIMIT', '256M');

##change Wordpress database table prefix if wanted##
 $table_prefix = 'wp_';

Set WordPress Security Salt Keys

It would be best to visit WordPress secret-key API to generate your own. The address salt key generator can be found at Replace the example lines with the codes from the generator.


define('AUTH_KEY',         '<3yfS7/>%m.Tl^8Wx-Y8-|T77WRK[p>(PtH6V]Dl69^<8|K86[_Z},+THZ25+nJG');
define('SECURE_AUTH_KEY',  'bN#Qy#ChBX#Y`PE/_0N42zxgLD|5XpU[mu.n&:t4q~hg<UP/b8+xFTly_b}f]M;!');
define('LOGGED_IN_KEY',    'owpvIO-+WLG|,1)CQl*%gP1uDp}s(jUbYQ[Wm){O(x@sJ#T}tOTP&UOfk|wYsj5$');
define('NONCE_KEY',        '8=Vh|V{D<>`CLoP0$H!Z3gEqf@])){L+6eGi`GAjV(Mu0YULL@sagx&cgb.QVCbi');
define('AUTH_SALT',        '%TX*X$GE-;|?<-^(+K1Un!_Y<hk-Ne2;&{c[-v!{q4&OiJjQon /SHcc/:MB}y#(');
define('SECURE_AUTH_SALT', '=zkDT_%}J4ivjjN+F}:A+s6e64[^uQ<qNO]TfHS>G0elz2B~7Nk.vRcL00cJoo7*');
define('LOGGED_IN_SALT',   '{$-o_ull4|qQ?f=8vP>Vvq8~v>g(2w12`h65ztPM(xo!Fr()5xrqy^k[E~TwI!xn');
define('NONCE_SALT',       'a1G(Q|X`eX$p%6>K:Cba!]/5MAqX+L<A4yU_&CI)*w+#ZB+*yK*u-|]X_9V;:++6');

Nginx Server Block Configuration

Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block. The settings below are pretty crucial. It should be noted to emphasize the importance of “try_files $uri $uri/ /index.php?$args;” as it is often an issue with other tutorials that leave the ending ?$args left out, giving you major site health issues comes to the REST API of WordPress.

First, create a new server configuration file with the following command replacing the example with your domain name,

sudo nano /etc/nginx/sites-available/

Below is an example; you can choose the parts; however, the “location ~ \.php$” needs to be in the Nginx configuration file.

NOTE: Make sure to change and and the root path.

server {

  listen 80;
  listen [::]:80;

  root /var/www/html/wordpress;

  index index.php index.html index.htm index.nginx-debian.html;

  location / {
  try_files $uri $uri/ /index.php?$args;

  location ~* /wp-sitemap.*\.xml {
    try_files $uri $uri/ /index.php$is_args$args;

  client_max_body_size 100M;

	# Pass the php scripts to FastCGI server specified in upstream declaration.
 location ~ \.php$ {
   try_files $uri =404;
   fastcgi_pass unix:/run/php-fpm/www.sock;
   fastcgi_index   index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   include fastcgi_params;
   fastcgi_buffer_size 128k;
   fastcgi_busy_buffers_size 128k;
   fastcgi_buffers 4 128k;
   fastcgi_intercept_errors on;
   fastcgi_connect_timeout 40;
   fastcgi_send_timeout 60;
   fastcgi_read_timeout 60;

 gzip on; 
 gzip_comp_level 6;
 gzip_min_length 1000;
 gzip_proxied any;
 gzip_disable "msie6";

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
      expires    90d;
      access_log off;
  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
      add_header Access-Control-Allow-Origin "*";
      expires    90d;
      access_log off;

  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;

Note, if you are using PHP 8.0 find and replace the above line “fastcgi_pass unix:/run/php/php7.4-fpm.sock;” to “fastcgi_pass unix:/run/php/php8.0-fpm.sock;”.

Next, you will need to enable the Nginx configuration file from “sites-available.” To do this, you will create a symlink to “sites-enabled” as follows.

sudo ln -s /etc/nginx/sites-available/example.conf /etc/nginx/sites-enabled/

Make sure to replace “example. conf” with your configuration file name.

You now can do a dry run then restart your Nginx server if everything is ok.

sudo nginx -t

After checking and everything is ok with your Nginx dry run test, restart the Nginx service.

sudo systemctl restart nginx

PHP.ini Configuration

To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.

Firstly, open the php.ini file:

sudo nano /etc/php.ini

Next, you will find recommended settings to work with most WordPress installations modify them as you require them to suit your server hardware and resources.

You will need to locate the settings and lines and change them to as follows:

max_execution_time = 180 (located on line 338)
max_input_time = 90 (located on line 398)
memory_limit = 256M (located on line 409)
upload_max_filesize = 64M (located on line 846)

Optional, some increased security settings, this can be skipped:

session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1 = LCCookies (Change the name, example: POPme)
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = (example only)
session.cookie_httponly = 1
session.cookie_samesite = Strict

Once done, CTRL+O to save then CTRL+X to exit the file.

Unlike LEMP installations on Debian/Ubuntu that use the (www-data) user, this isn’t the case with Rhel/Rocky Linux installations. By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

sudo nano /etc/php-fpm.d/www.conf

Next, replace the (Apache) user and group with the (Nginx) user and group:

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

To save, press (CTRL+O) then exit (CTRL+X).

You will need to restart PHP for the changes to be active:

sudo systemctl restart php-fpm

Open up your server block:

sudo nano /etc/nginx/sites-available/

Adjust this line to increase body size:

client_max_body_size 100M;

Remember, keep the client max size the same as your PHP file setting.

Next, test the changes, then restart your Nginx server if everything is ok.

sudo nginx -t

Example output if all is working correctly:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

After checking and everything is ok with your Nginx dry run test, restart the Nginx service.

sudo systemctl restart nginx

Configure SELinux

Before proceeding any further, a few adjustments must be made to SELinux.

First, allow webserver network connections.

sudo setsebool -P httpd_can_network_connect 1

Next, set the SELinux contexts WordPress directory.

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/mywebsite(/.*)?"
sudo restorecon -Rv /var/www/mywebsite

Restart PHP-FPM for good practice.

sudo systemctl restart php-fpm

Install WordPress Frontend

Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.

##go to installation address##
##alternative url##

The first page you will see is creating a username and password along with some site details. This will be your future admin login account, and you can change this later on as well.

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

If you are building a website, enabling “strongly discourage search engines from indexing” prevents Google or Bing or any other “good/reputable search engine bot” from indexing a WIP website. Once finished, you will come to the next screen with a login.

How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8

Congratulations, you have successfully installed the latest version of WordPress on Nginx with the LEMP stack.

Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the EPEL repository and the mod_ssl package for better-updated packages and security.

sudo dnf install epel-release mod_ssl -y

Next, install the certbot package as follows:

sudo dnf install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email -d

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be instead of HTTP://

Note if you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

Next, install a cronjob.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Press the : key, then type wa to save, then qa to quit.

Comments and Conclusion

WordPress offers a fantastic ability to create quick websites with templates and plugins, and the plugin store hosts a tremendous amount of options. However, to unlock the full potential of most themes and add-ons, they are all paywall, but most are affordable.

Self-hosting WordPress is quite a bit of fun. However, making sure you keep up with security and updating is essential. WordPress is the most targetted CMS on earth by attackers, and your site will, in its first day without even being listed will, be scanned for exploits, and brute force attempts will begin.


Like to get automatic updates? Follow us on one of our social media accounts!