WordPress

• “WordPress is a factory that makes webpages” Fred Meyer

WordPress is a free and open-source content management system. Originally it was intended to be a blog-publishing system, but has evolved to support other web content types including more traditional mailing lists and Internet forums, media galleries, membership sites, learning management systems (LMS) and online stores. WordPress is used by 42.8% of the top 10 million websites as of October 2021.

Before you deploy your first WordPress Droplet

Get a Domain name

Use this DNS quickstart guide to get your DNS setup on DigitalOcean. You’ll first need to purchase and register your domain through a third party, such as Name.com, GoDaddy, etc…

• Why do you need a domain name?

This is how others will access your server and how you and your users will be identified on the network.

Software Included

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Creating an App using the API

In addition to creating a Droplet from the WordPress 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB WordPress Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "wordpress-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying WordPress

On your first SSH login to the droplet or launch of the Droplet console of your WordPress Droplet 1-Click, you will be greeted by a WordPress setup script.

If you do not have a Domain yet you can enter the IP address of your Droplet into the setup script when prompted for the Domain/Subdomain instead.

The first step is to enter your domain name. Make sure that your domain is pointing to the new droplet IP. If your DNS is managed by DigitalOcean, it should look like this:

The DNS Host may be the same company you registered the domain with or another entity you designate. To connect your DNS hosting to DigitalOcean, check out this guide.

Once your A record is set up, you are ready to enter your domain in the script:

Next, the script will ask you user-related data:

After you acknowledge data is correct, the script will ask if you want to configure HTTPS automatically for your droplet. We highly recommend setting HTTPS since using a domain is useless without it.

You will need to provide the email address which will receive security and renewal notices:

Finally, after reading the LetsEncrypt Terms of Service and selecting whether to share or not your email address with the Electronic Frontier Foundation, the script will ask you which domain names would you like to activate HTTPS for:

Consider activating HTTPS for both naked and WWW versions of your domain by specifying 1,2.

WordPress will take a few minutes to set up plugins and finish installation, after that you can access your fresh WordPress Droplet by typing your domain name in the browser. For accessing the admin console, use https://%YOUR_DOMAIN%/wp-admin.

If you entered an IP address instead of the Domain name you can access the admin console by using https://%YOUR_IP%/wp-admin instead.

Getting started with WordPress

WordPress official website has quite a few excellent sources of information for beginners and even experienced users.

If you are starting your journey with WordPress, consider taking a look at the official courses.

Articles page contains some lovely ideas on how to improve your WordPress website. Or you can get exclusive knowledge from WordPress experts on webinars.

Droplet Summary

• The root password for the MySQL instance running on your Droplet is in /root/.digitalocean_password. The Droplet root user will not be prompted for the MySQL password.
• If you’re connecting to a DigitalOcean Managed Database, your MySQL connection information can be found in /var/www/html/wp-config.php.
• The web root is /var/www/html, and the WordPress configuration file is /var/www/html/wp-config.php.
• You can get information about the PHP installation by logging into the Droplet and running php -i.
• UFW firewall allows only SSH (port 22, rate limited), HTTP (port 80), and HTTPS (port 443) access.
• Droplet sets the MySQL root password, runs mysql_secure_installation, and creates a wordpress user with the necessary permissions. The Droplet root user will not be prompted for the MySQL password. Keep in mind that if you’re connecting to a DigitalOcean Managed Database, the locally installed database will be disabled.
• Droplet sets up the debian-sys-maint user in MySQL so the system’s init scripts for MySQL will work without requiring the MySQL root user password.
• Droplet creates the initial WordPress configuration file to set up salt keys and allow the WordPress instance to connect to the database.
• XML-RPC is disabled to help prevent DDoS and other brute force attacks.
• Some of PHP’s settings are modified to increase the maximum file size and execution time.
• Apache rewrite module is enabled so the WordPress permalink feature will work.
• Apache is configured with UseCanonicalName On to mitigate CVE-2017-8295.

Protect your Wordpress deployments with WPGuardian!

WPGuardian keeps all your WordPress sites up-to-date and protected. Embrace proactive security to maintain control and visibility over the status of both sites and servers, all in one SaaS panel.

Backup your Wordpress data with SnapShooter

SnapShooter, an offering from DigitalOcean, offers comprehensive backup solutions for all your cloud resources, including your WordPress application data. To access SnapShooter, navigate to the left-hand navigation menu in your DigitalOcean cloud console. As part of the free tier, you can back up a single resource, such as your WordPress application data.