How to Install WordPress with Nginx, MariaDB, PHP on Debian 12/11/10

WordPress is a free and open-source content management system (CMS) allowing users to create and manage websites easily. It was first released in 2003 and has since become one of the most popular website-building platforms, powering over 40% of all websites on the internet.

One of the main reasons for WordPress’s popularity is its flexibility and user-friendliness. WordPress offers a vast range of customizable templates, plugins, and themes, enabling users to create websites that meet their needs and preferences. WordPress’s active community of developers and users provides support and guidance, making it easier for users to learn and use the platform.

Compared to other popular CMSs like Drupal and Joomla, WordPress’s popularity can be attributed to several factors, including:

  • Ease of use: WordPress’s user-friendly interface makes it accessible to users with varying levels of technical expertise, allowing even novice users to create and manage websites easily.
  • Customizability: WordPress’s vast collection of templates, plugins, and themes provides users with a wide range of customization options, enabling them to create websites that reflect their brand and style.
  • Large and active community: WordPress has a large and active community of developers and users who contribute to the platform’s growth, providing support and guidance to users.
  • Cost-effective: WordPress is free to download and use, and users can host their websites on various hosting providers, reducing the cost of website development and maintenance.

While other CMSs like Drupal and Joomla offer similar functionalities, WordPress’s popularity can be attributed to its flexibility, ease of use, and active community.

This guide will demonstrate how to install WordPress using NGINX, MariaDB, and PHP on Debian 11 Bullseye or Debian 10 Buster using the command line terminal.

Step 1: Update Debian

Before installing WordPress on your Debian server, ensuring that your system is current is essential. This step is necessary to minimize the risk of conflicts during the installation process, as WordPress is a complex installation. To update your Debian system, open your terminal and enter the following command:

sudo apt update && sudo apt upgrade

This command will update any outstanding packages and upgrade your system.

Step 2: Install the Required Packages

Most of the required packages for installing WordPress on your Debian server may already be installed. However, running the command again is recommended to ensure all the necessary packages are present. These packages are very common, and there is nothing unusual about them. To install the required packages, open your terminal and enter the following command:

sudo apt install curl git wget unzip zip

This command will install the packages required for installing WordPress on your Debian server.

Step 3: Install Nginx

To set up a LEMP stack on your Debian server, you need to install Nginx. You can do this by running the following command in your terminal:

sudo apt install nginx

After installation, Nginx is typically enabled by default. However, it’s always best to confirm that it’s working correctly. You can do this by running the following command:

systemctl status nginx

Example output:

If the Nginx service is not yet activated, you can activate it using the following command:

sudo systemctl enable nginx --now

This command will ensure that Nginx starts automatically on each server reboot. Verifying and enabling the Nginx service is important for setting up a functional LEMP stack.

To optimize your WordPress performance, it’s best to use the latest Nginx mainline version. You can follow the guide on installing Nginx Mainline on Debian Linux to install the latest version. This version offers additional features and improvements to enhance your website’s speed and overall performance.

Configure UFW Firewall for Nginx

Configuring the UFW firewall is important for securing your Nginx server and allowing outside access to default web ports. Fortunately, Nginx provides profiles that can configure UFW quickly for use with Nginx.

If UFW is not yet installed on your Debian system, you can install it by running the following command:

sudo apt install ufw

After installation, enable UFW on your system. By default, UFW will deny all incoming and allow all outgoing connections. To enable the firewall, use the following command:

sudo ufw enable

To see the available Nginx profiles, run the following command:

sudo ufw app list

The output shows that Nginx runs on port 80 (HTTP), Nginx Secure runs on port 443 (HTTPS), and Nginx Full combines both. To enable both HTTP and HTTPS access, use the Nginx Full profile:

sudo ufw allow 'Nginx Full'

However, depending on your specific needs, you may want to adjust the profile. For example, if you only require HTTPS access, use the Nginx Secure profile:

sudo ufw allow 'Nginx Secure'

Or, if you only require HTTP access, use the Nginx HTTP profile:

sudo ufw allow 'Nginx HTTP'

Step 4: Install MariaDB

The second stage of the LEMP installation process involves installing the database component. MariaDB is the preferred choice in the LEMP stack over MySQL due to its improved performance and other advantages. However, suppose you wish to install a different version of MariaDB from the official repositories provided by In that case, you can follow our guide on installing MariaDB 11.x or 10.x on Debian to improve the performance of your WordPress installation.

To install MariaDB, execute the following command in your terminal:

sudo apt install mariadb-server mariadb-client

It’s essential to verify the status of the MariaDB service after installation, just as you did for Nginx, to ensure that it’s enabled and functioning correctly without any errors. You can do this by running the following command:

systemctl status mariadb

Example output:

This command will show you the status of the MariaDB service and indicate if any errors need to be addressed.

If for any reason, the MariaDB service is not activated, you can use the following command to enable it immediately and on system boot:

sudo systemctl enable mariadb --now

This command ensures that the MariaDB service starts automatically whenever you boot your system. Enabling the MariaDB service is crucial for ensuring your LEMP stack and WordPress installation are stable and functioning correctly.

Secure MariaDB with Security Script

Securing your MariaDB installation is crucial for safeguarding the confidentiality and integrity of your data. New installations of MariaDB may have weak security settings by default, which can make them vulnerable to malicious attacks. However, running the installation security script can secure your database and prevent potential exploitation.

To launch the mysql_secure_installation script, enter the following command in your terminal:

sudo mysql_secure_installation

Once the script is launched, you can proceed with configuring the settings, which includes setting the root password, restricting remote access from external sources, removing anonymous user accounts, and eliminating the test database. These steps are essential in securing your MariaDB installation and preventing potential security threats.

During the script, you will be prompted with several security settings, including:

  • Setting the root password or using the unix_socket to prevent unauthorized access
  • Removing anonymous user accounts to ensure that only authorized users can access your database
  • Restricting remote login access to root user accounts for added security
  • Removing the test database to prevent unauthorized access and data leakage

It is important to answer each prompt carefully, as these settings can significantly impact the security of your database. Once you have completed all the necessary steps, your MariaDB installation should be secure and ready to use.

Example of MariaDB terminal and the most advisable actions to take:


In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

These security measures ensure your MariaDB installation is secure and protected against threats.

Step 5: Install PHP, PHP-FPM

To set up the LEMP stack, it is necessary to install the PHP service. This service serves as a mediator between Nginx and MariaDB through PHP-FPM and additional modules that WordPress requires. If you prefer a different version of PHP that meets your requirements, refer to our guide on installing PHP on Debian.

To install PHP and PHP-FPM with the necessary modules on your Debian system, execute the following command in your terminal:

sudo apt install php php-fpm php-mbstring php-bcmath php-xml php-mysql php-common php-gd php-cli php-curl php-zip php-imagick php-ldap php-intl

After installation, it is essential to verify the status of the PHP service, just as you did for MariaDB and Nginx, to ensure that it is functioning correctly without any errors. In this example, the command is specific to the version of PHP installed, which is PHP 7.4:

systemctl status php7.4-fpm

The output should look like this:

Step 6: Install WordPress

Create WordPress Directory Structure

To install WordPress on your Debian LEMP stack, you can either download the latest version from the official download page or use the following command to download it directly:


Once downloaded, unzip the archive to the /var/www/html directory using the following command:

sudo unzip -d /var/www/html/

Next, ensure that WordPress has the correct write permissions by setting the directory owner permissions to the web server user. This can be done with the following command:

sudo chown -R www-data:www-data /var/www/html/wordpress/

After setting the directory owner permission, you must set the correct permissions for the WordPress folders and files using the following commands:

For folders:

sudo find /var/www/html/wordpress -type d -exec chmod 755 {} \;

For files:

sudo find /var/www/html/wordpress -type f -exec chmod 644 {} \;

Setting the correct folder and file permissions ensures your WordPress installation is secure and functions correctly.

Create a Database for WordPress

To run WordPress on your Debian LEMP stack, you must create a database using MariaDB. Access the MariaDB shell as root using the following command:

sudo mariadb -u root

Once in the MariaDB shell, create a new database using the following command:


Next, create a new user account for WordPress with the following command:


Replace “WPUSER” and “PASSWORD” with your desired username and password.

Finally, assign the newly created user account access to the WordPress website database only using the following command:


After creating the user account, flush the privileges to ensure the new changes take effect with the following command:


Lastly, exit the MariaDB shell by typing:


Set WordPress Configuration Files

Setting up the WordPress configuration files is an important step in the installation process. This involves renaming the sample wp-config.php file and entering the necessary configuration details.

Navigate to the WordPress directory using the following command:

cd /var/www/html/wordpress/

Copy the wp-config-sample.php to wp-config.php using the following command:

sudo cp wp-config-sample.php wp-config.php

Using a text editor, bring up the newly copied wp-config.php file:

sudo nano wp-config.php

Next, enter the database name, user account with a password, and host IP address if necessary.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */ 

define( 'DB_NAME', 'WORDPRESSDB' );                 <--------------- change this

/* MySQL database username */ 

define( 'DB_USER', 'WPUSER );                               <--------------- change this

/* MySQL database password */

define( 'DB_PASSWORD', 'PASSWORD' );             <--------------- change this

/* MySQL hostname, change the IP here if external DB set up */ 

define( 'DB_HOST', 'localhost' );

/* Database Charset to use in creating database tables. */

define( 'DB_CHARSET', 'utf8' );

/* The Database Collate type. Don't change this if in doubt. */

define( 'DB_COLLATE', '' );

In addition to these settings, you can also add the following to the wp-config.php file to improve WordPress management:

/** ## Save files direct method ## */
define( 'FS_METHOD', 'direct' );

/** ## Increase memory limit, 256MB is recommended ## */
define('WP_MEMORY_LIMIT', '256M');

The memory limit for your dedicated server or VPS can vary depending on your system’s capacity. It is possible to increase or decrease the 256 MB memory limit in small increments, such as 128 MB, 256 MB, 512 MB, etc. However, it is important to note that it is recommended to only make small adjustments to the memory limit for optimal performance and stability.

Example of what your configuration may look like:

Set WordPress Security Salt Keys

One crucial step in ensuring your WordPress installation’s security is setting WordPress security salt keys. These keys serve as an added layer of security that helps protect your WordPress site from potential attacks, thereby securing user authentication and data encryption.

You can generate your security salt keys by visiting the WordPress secret-key API at Once generated, replacing the example lines in the wp-config.php file with the new keys is crucial to ensure an additional layer of security to user authentication and data encryption.

It is crucial to note that the example lines provided for reference should not be used. Utilizing pre-generated salt keys may make your site susceptible to attacks. Hence, generating unique keys for each WordPress installation is highly recommended to ensure maximum security.

To incorporate the newly generated security salt keys into your wp-config.php file, open the file using a text editor.

sudo nano /var/www/html/wordpress/wp-config.php

Next, locate the lines in the wp-config.php file corresponding to the example keys.

define('AUTH_KEY',         'VI@9bl!&zoFQ:wd|:R3{o+YodV{bQN`V4r0+9ULs9hj?A;hUMWQi1N,<z%*: @>(');
define('SECURE_AUTH_KEY',  '[m0xr1B?Z%7i9,r]j&pAf5z>sLQT mRo_F]iu`J#kkgx?v45xtreEv,<7)T|JUTO');
define('LOGGED_IN_KEY',    '~eX4qk?c]ZN4O,ST2B-~0YI|81.<Oo5KUI7WRD,ZI8vZLlg+xrP95y fG-+TOsk<');
define('NONCE_KEY',        '/?@h:5<BPlLqg)a!#P<MrGvaSrEG5Z3& 2d$7Hi|agBf#J1rj^|5ps4M-.(/_ME!');
define('AUTH_SALT',        '4_+B IiG<64lHCVcmdr=W^?[*|5{0p_s0TTAq|wvt3!$[t9zE)X2%we1,Ph6fQV;');
define('SECURE_AUTH_SALT', ')SoZet~^L%Jqs<6O&|A|rlj!%6:qG1zI|U,cM98ebon^DKw&K)s`EX3]usB6|v&M');
define('LOGGED_IN_SALT',   '&oU_<k9Yy&j*0|g=+YK<_-_oK&g-Y;bOdq7a=W3W[-.&&|kP{|]=+:lZ!g17CsbU');
define('NONCE_SALT',       ';VF,V+E}}s>@UyCw^7x||nQw+KXz|7o+m>mg<jTeFGszse>L9T4#CE{khOqJ3gw,');

After generating your unique salt keys from the WordPress API, replace each example phrase in the wp-config.php file with the new keys. Remember to save and exit the file after replacing all the example phrases. Using the nano editor, you can save by pressing “CTRL+X” and “Y”.

Generating and setting unique security salt keys is a critical step in ensuring the security of your WordPress site. These measures add a layer of protection to your site, guarding against potential attacks and safeguarding sensitive data. If you suspect a security breach, it is highly recommended to regenerate your keys immediately to enhance your site’s security.

Example of salt key examples in your Debian server for WordPress:

Nginx Server Block Configuration

Configuring the Nginx server block is crucial in installing WordPress through the web UI. To ensure a smooth installation, paying close attention to the listed settings is important, especially the “try_files $uri $uri/ /index.php?$args;” directive. Omitting the “?$args” could cause problems with the REST API of WordPress. It’s recommended to follow the instructions carefully to prevent any issues that may arise during the installation process.

Creating a new server configuration file is necessary to configure your Nginx server block for WordPress installation. To accomplish this, you can use the following command, ensuring that you replace “” with your domain name:

sudo nano /etc/nginx/sites-available/

To ensure that Nginx functions correctly with PHP, including “location ~ .php$” in the server block configuration file is important. Below is an example configuration file that you can use as a guide, but remember to update the root path and domain names to match your specific configuration:

server {
  listen 80;
  listen [::]:80;
  root /var/www/html/wordpress;
  index index.php index.html index.htm index.nginx-debian.html;

  location / {
    try_files $uri $uri/ /index.php?$args;

  location ~* /wp-sitemap.*\.xml {
    try_files $uri $uri/ /index.php$is_args$args;

  client_max_body_size 100M;

  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 128k;
    fastcgi_intercept_errors on;

  gzip on;
  gzip_comp_level 6;
  gzip_min_length 1000;
  gzip_proxied any;
  gzip_disable "msie6";
  gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/xhtml+xml application/xml font/eot font/otf font/ttf image/svg+xml text/css text/javascript text/plain text/xml;

  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires 90d;
    access_log off;

  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires 90d;
    access_log off;

  location ~ /\.ht {
    access_log off;
    log_not_found off;
    deny all;

It is important to note that if you have installed a different version of PHP and PHP-FPM or your version of Debian uses a different default version, you should update the corresponding line in the Nginx configuration file. For instance, to use PHP-FPM 8.2, you would replace the line “fastcgi_pass unix:/run/php/php8.1-fpm.sock;” with “fastcgi_pass unix:/run/php/php8.2-fpm.sock;”. It is crucial to ensure that the version specified in the configuration file corresponds to the version installed on your system to prevent any issues with functionality.

For users installing Nginx and WordPress for the first time, you may find information on the server block example below.

  • Basic server settings:
    • Defines basic settings for the server block, including IP address and port for Nginx to listen on and server name(s) for the block.
    • The “root” directive specifies the root directory where website files will be located.
    • The “index” directive specifies how Nginx should look for index files when serving the site.
  • Location settings:
    • Contains “location” blocks that define how Nginx should handle requests for different URLs.
    • The first “location” block handles requests to the root URL of the site and uses the “try_files” directive.
    • The second “location” block handles requests for the WordPress sitemap.xml file.
  • PHP handling settings:
    • Defines how Nginx should handle PHP files.
    • The “fastcgi_pass” directive specifies the location of the PHP-FPM socket file.
    • The “fastcgi_param” directive sets the value of the “SCRIPT_FILENAME” parameter to the location of the requested PHP file.
    • The “include” directives load additional configuration files for the FastCGI module.
    • The “fastcgi_buffer_size” and “fastcgi_buffers” directives set the buffer size to pass data between Nginx and PHP-FPM.
    • The “fastcgi_intercept_errors” directive allows Nginx to intercept and handle PHP errors.
  • Gzip compression settings:
    • Defines Gzip compression settings to reduce the file size sent to the client.
    • The “gzip” directive enables Gzip compression.
    • The “gzip_comp_level” directive sets the level of compression to use.
    • The “gzip_min_length” directive sets the minimum size of a file to be compressed.
    • The “gzip_proxied” directive specifies which types of requests should be compressed.
    • The “gzip_types” directive lists the MIME types that should be compressed.
  • File caching settings:
    • Defines settings for caching static files to speed up the website.
    • The first “location” block sets the expiration time for files used for assets and media.
    • The second “location” block sets the expiration time for files used for fonts and SVGs.
    • The “access_log” and “log_not_found” directives control the logging of these requests.
    • The “add_header” directive sets the “Access-Control-Allow-Origin” header to allow the loading of fonts and SVGs from other domains.
  • .htaccess file blocking:
    • Blocks access to files starting with “.ht”, typically used for sensitive server configuration files.

This list provides a comprehensive overview of the settings for configuring Nginx for WordPress installation. Users can ensure that their Nginx server is properly configured to handle requests and improve website performance by following these settings.

To finalize the configuration of the Nginx server block, you must enable the configuration file from the “sites-available” directory by creating a symbolic link to the “sites-enabled” directory. You can use the following command, replacing “example.conf” with the name of your configuration file:

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

This will create a symbolic link between the two directories and allow Nginx to access the configuration file. Once this is done, you can test the configuration using the following command:

sudo nginx -t

If there are no errors, you can restart Nginx using the following command:

sudo systemctl restart nginx

This will apply the changes to the server block configuration and make your WordPress site accessible through Nginx.

PHP.ini Configuration

Optimizing your PHP configuration is essential for ensuring optimal performance when using WordPress. To accommodate media files in WordPress, it is recommended to increase the maximum upload size, post size, and memory limit. Additionally, you may need to adjust the maximum execution time and input variables to avoid any issues.

Open your php.ini file through your terminal. Note that the file’s location may vary depending on your PHP version number:

PHP 8.0 Example:

sudo nano /etc/php/8.0/fpm/php.ini

PHP 8.1 Example:

sudo nano /etc/php/8.1/fpm/php.ini

PHP 8.2 Example:

sudo nano /etc/php/8.2/fpm/php.ini

To configure the PHP settings to your requirements, locate and modify the following lines in your php.ini file:

##increase this to the maximum file size you want to upload, recommended 50 to 100MB## 
 upload_max_filesize = 100M

##increase this to the maximum post size you want to allow, recommended 50 to 100MB##
 post_max_size = 100M

##increase this to the maximum execution time, recommended 150 to 300 seconds##
 max_execution_time = 300

##increase this to the maximum GET/POST/COOKIE input variables, recommended 5000 to 10000##
max_input_vars = 5000

##increase this to the maximum memory limit, recommended 256MB or 512MB. Note that you should ensure your system has enough RAM before raising this.##
memory_limit = 256M

Once you have made changes to your PHP settings, it is essential to restart your PHP-FPM server. You can do this by running the appropriate command for your PHP version. This step ensures the new settings take effect and your WordPress site can function optimally.

Modify the Nginx server block to allow larger body sizes to ensure that large files can be uploaded to your WordPress site. To do this, open your server block configuration file and add the following line:

##set to the maximum upload size you set in upload_max_filesize.##
client_max_body_size – <size>

By setting the client_max_body_size parameter, Nginx will allow larger HTTP request bodies to be accepted, which is necessary for handling larger file uploads. Make sure to set the value of client_max_body_size to the same maximum upload size that you set for upload_max_filesize in your PHP configuration.

If you have modified the PHP configuration file to adjust the upload size, post size, and memory limit for optimal WordPress use, you must restart the PHP-FPM server to apply the changes. The command to restart the server may vary based on your PHP version. To identify the correct version of PHP, refer to your system’s documentation.

Once you have identified the correct version of PHP, use the appropriate command to restart the PHP-FPM server. Below are examples of the commands for various PHP versions:

Here are some examples of the command to restart PHP-FPM for different PHP versions:

PHP 8.0 Example:

sudo systemctl restart php8.0-fpm

PHP 8.1 Example:

sudo systemctl restart php8.1-fpm

PHP 8.2 Example:

sudo systemctl restart php8.2-fpm

Install WordPress Front-end

Once you have completed the backend setup and configuration, you can install WordPress on your domain. To initiate the installation process, navigate to the installation address, which can be either your domain name preceded by “https://” or “http://”. Alternatively, you can use the URL “”.

Upon accessing the installation address, you will be directed to the front-end installation wizard. On this page, you can choose your preferred language and proceed by clicking the “Continue” button.


Once you proceed from the front-end installation wizard, you will arrive at a page where you can enter your site title, username, password, and email address of the main admin associated with the WordPress site. It is crucial to set a strong password and a working email address for security purposes, as all other settings can be adjusted later in the WordPress settings panel.


If you wish to keep your website private and prevent search engine bots like Google or Bing from indexing it while it’s still in development, you can enable the “strongly discourage search engines from indexing” option.

After inputting your information and preferences, click the “Install WordPress” button at the bottom of the page. If the installation process is successful, you will be directed to a login page.


After entering your login credentials, click the “Log In” button. This will take you to the WordPress dashboard to build or import your website.


Upon successful login, you will be directed to the WordPress dashboard, the central location, to access the site’s functionality. From the dashboard, you can create new posts and pages, manage themes and plugins, and customize your website’s appearance, content, and functionality. The dashboard’s intuitive and easy-to-use interface is designed to help you get your website up and running quickly, making it easy to create a professional and engaging website with just a few clicks.


Additional Tips

Secure WordPress and Nginx with Let’s Encrypt SSL Free Certificate

For optimal web server security, running Nginx on HTTPS with an SSL certificate is advisable. To facilitate this, Let’s Encrypt provides a free, automated, and open certificate authority that can help you set up SSL certificates for your Nginx server.

To begin, it’s essential to install the certbot package. You can install it by using the following command:

sudo apt install python3-certbot-nginx

After successful installation of the certbot package, you can create your SSL certificate by executing the following command:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email -d

Upon installing the certbot package, you will be prompted to create your SSL certificate using a command that includes your email and domain name. During the installation process, you will also be given the option to receive emails from the EFF. You can choose whether or not to opt-in based on your preferences.

Once the certificate is installed, your website’s URL will change from HTTP to HTTPS, and visitors accessing the old HTTP URL will be automatically redirected to the new HTTPS URL. This setup includes HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling for optimal security.

To ensure your SSL certificate remains valid, it is recommended to set up a cron job for automatic renewal. Certbot provides a script for this process, and you can run a dry run test before finalizing the setup. By keeping your SSL certificate up-to-date, you can maintain the security and integrity of your web server.

sudo certbot renew --dry-run

To access the crontab configuration, use the following terminal command:

sudo crontab -e

To ensure your SSL certificate stays current, you can schedule automatic renewal using a cron job. To open the crontab window, execute the following terminal command. Then, use the tool as a reference to set the auto-renewal time. Checking for renewal at least once daily ensures the certificate stays up-to-date. The can help calculate the appropriate cron timings.

00 00 */1 * * /usr/sbin/certbot-auto renew

Following the steps outlined above and using Let’s Encrypt to install an SSL certificate, your Nginx server will have robust security measures.

How to Fix PHP Session Errors

If you’re experiencing issues with session saving while using specific plugins, the problem could be caused by incorrect user permissions within the /var/lib/php/sessions/ directory. Fortunately, resolving this issue is easy with a single command.

To fix the problem, execute the following command:

sudo chown -R www-data:www-data /var/lib/php/sessions/

By executing the given command, you can assign the www-data user and group as the owner of the sessions directory, thus allowing WordPress to write session information without encountering any errors. This is a crucial step that ensures your WordPress site’s smooth and efficient functioning, especially when using plugins that automate tasks like social media posting. Fixing PHP session errors is essential to optimize the performance of your website and enhance the user experience.

Fixing HTTPs redirect loop in wp-config.php

Suppose your WordPress site is stuck in a redirect loop after enabling HTTPS. In that case, it may be because WordPress is continuously attempting to redirect to the secure HTTPS version of your site, but the redirect is never completed. To address this issue, you can try adding the following lines of code to your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';

The first line defines the constant FORCE_SSL_ADMIN and sets it to true. This constant forces all admin pages to use HTTPS. The second block of code checks if the HTTP_X_FORWARDED_PROTO header contains the string “https”. If it does, it sets the HTTPS server variable to “on.” This tells WordPress that the connection is secure and should be treated as such.

Adding these lines of code to your wp-config.php file can resolve the issue of your site is stuck in an HTTPs redirect loop after enabling HTTPS on your WordPress site.

Fix Domain Name Redirect Loop

To fix a redirect loop issue in your WordPress site, it is important to ensure that the domain name listed in your wp-config.php file matches the actual domain name of your website. You can check this by reviewing the following line:


If the domain name is incorrect, update it to match your website’s domain name. However, if you have already updated the domain name and the redirect loop issue persists, it could be a server configuration issue. In such cases, contacting your hosting provider for further assistance is recommended.


In conclusion, WordPress is a powerful and flexible content management system that is easy to install and configure. Following the steps outlined in this guide, you can create a highly optimized and secure WordPress installation on your Debian 10 Buster or Debian 11 Bullseye server. From configuring Nginx to installing and optimizing WordPress, you should now understand how to create a fully functional and secure WordPress site. Always back up your site regularly and update your software to ensure optimal performance and security. With the right tools and knowledge, anyone can create a professional and engaging website using WordPress.

Share to...