How to Deploy WordPress on a VPS with the LEMP Stack

How to Deploy WordPress on a VPS with the LEMP Stack

Running WordPress on your own VPS gives you full control over performance, security, and resources — without the noisy-neighbor limits of shared hosting. The LEMP stack (Linux, Nginx, MariaDB/MySQL, PHP) is the modern, high-throughput foundation most production WordPress sites run on today, because Nginx handles concurrent connections more efficiently than Apache under load.

This guide walks through a complete, production-ready install on Ubuntu 24.04 LTS. If you host on a Skyline Cloud VPS, you also get in-Kingdom data residency and PDPL/NCA-aligned infrastructure — which matters when your audience or compliance scope is in Saudi Arabia and the GCC.

Before you start

You will need:

• A VPS running Ubuntu 24.04 with a public IP and root or sudo access.
• A domain name with an A record pointing to your VPS IP (and www as a CNAME or second A record).
• SSH access to the server.

Throughout, replace example.com with your real domain.

Step 1 — Update the system and install Nginx

SSH into your server, then refresh packages and install the web server:

sudo apt update && sudo apt upgrade -y
sudo apt install nginx -y

Allow HTTP and HTTPS through the firewall:

sudo ufw allow 'Nginx Full'
sudo ufw allow OpenSSH
sudo ufw enable

Visit http://your_server_ip and you should see the default Nginx welcome page.

Step 2 — Install and secure MariaDB

MariaDB is a drop-in, open-source MySQL replacement:

sudo apt install mariadb-server -y
sudo mysql_secure_installation

Answer the prompts: set a root password, remove anonymous users, disallow remote root login, and drop the test database. Now create a dedicated database and user for WordPress:

sudo mysql

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Use a long, random password — not the example above.

Step 3 — Install PHP-FPM and required extensions

Nginx doesn't process PHP itself, so it hands requests to PHP-FPM. Install PHP with the extensions WordPress needs:

sudo apt install php-fpm php-mysql php-curl php-gd php-mbstring \
  php-xml php-xmlrpc php-zip php-intl php-imagick -y

Confirm the running version (Ubuntu 24.04 ships PHP 8.3):

php -v

Note the FPM socket path — it will be /run/php/php8.3-fpm.sock. For a WordPress workload, raise a couple of PHP limits in /etc/php/8.3/fpm/php.ini:

Then restart FPM:

sudo systemctl restart php8.3-fpm

Step 4 — Download WordPress

Fetch the latest release into the web root:

cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
sudo mkdir -p /var/www/example.com
sudo cp -a /tmp/wordpress/. /var/www/example.com

Set ownership so PHP-FPM (running as www-data) can write uploads and updates, but keep permissions tight:

sudo chown -R www-data:www-data /var/www/example.com
sudo find /var/www/example.com -type d -exec chmod 755 {} \;
sudo find /var/www/example.com -type f -exec chmod 644 {} \;

Step 5 — Create the Nginx server block

Create /etc/nginx/sites-available/example.com:

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }

    # Block access to sensitive files
    location ~ /\.ht        { deny all; }
    location = /wp-config.php { deny all; }
    location ~* /(?:uploads|files)/.*\.php$ { deny all; }

    # Long cache for static assets
    location ~* \.(js|css|png|jpg|jpeg|gif|svg|woff2)$ {
        expires 30d;
        access_log off;
    }
}

Enable the site, drop the default, and test the config:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx

Step 6 — Configure wp-config.php

WordPress can write the config during the web installer, but doing it manually is cleaner and more secure. Copy the sample and edit it:

sudo cp /var/www/example.com/wp-config-sample.php /var/www/example.com/wp-config.php

Set your database name (wordpress), user (wp_user), and password. Then replace the placeholder authentication keys with fresh values generated from the official salt service:

curl -s https://api.wordpress.org/secret-key/1.1/salt/

Paste the output over the define('AUTH_KEY', ...) block. These salts harden session cookies.

Step 7 — Finish the install and add SSL

Open http://example.com in your browser. WordPress will ask for a site title, admin username, and a strong password — avoid admin as the username. Complete the wizard and log in.

Now secure the site with a free Let's Encrypt certificate:

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example.com -d www.example.com

Certbot edits your server block to listen on 443, redirects HTTP to HTTPS, and sets up automatic renewal via a systemd timer. Verify renewal works with sudo certbot renew --dry-run.

Step 8 — Post-install hardening

A few quick wins that pay off in production:

• Auto-updates: enable background minor-core and plugin updates inside WordPress.
• Disable file editing in the admin: add define('DISALLOW_FILE_EDIT', true); to wp-config.php.
• Use object caching (Redis) and a page-cache plugin to reduce PHP and database load.
• Back up regularly to off-server storage so a bad update or attack is recoverable. Skyline Cloud offers managed cloud backup and object storage you can target from your VPS.

For deeper context on WordPress performance and hosting choices in the region, see our WordPress hosting in Saudi Arabia resource hub.

Why host in-Kingdom

If your visitors are in Saudi Arabia, a VPS in a local data center cuts latency dramatically and keeps personal data inside the Kingdom — directly supporting PDPL and NCA expectations. Pair your site with business email hosting on the same provider for a clean, branded you@example.com setup and local Arabic support.

Start building

You now have a fast, secure, fully owned WordPress install on a LEMP stack. Spin up your VPS and deploy in minutes — create your Skyline Cloud account to get started with in-Kingdom data residency and transparent pricing.