One-Click WordPress

Introduction

Vultr's One-Click WordPress application provides everything you need to launch your cloud website hosting with minimal effort. Simply select a server location, choose your size, and click Deploy Now. Your cloud web hosting will deploy in about a minute, and then you are ready to set up WordPress.

WooCommerce Supported

You can install WooCommerce yourself, or use our One-Click WooCommerce app. WooCommerce users should follow the same steps in this guide.

1. Install SSL Certificate

This step is optional but recommended. For better security and convenience, register a domain name and install an SSL certificate. If you plan to use a commercial SSL certificate, see the Commercial SSL section.

If you skip this step:

• Substitute the server IP address for www.example.com.
• You will encounter a certificate security warning.
• Proceed past the warning to complete setup. See our instructions to bypass the HTTPS warning for self-signed SSL/TLS certificates.

To install a free Let's Encrypt SSL certificate:

1. Register a domain name and create a DNS record for the server's IP address. Consult your DNS provider for instructions, or see our guide if using Vultr's DNS.
2. Verify that DNS has finished propagation, and the name is visible throughout the internet before proceeding. Propagation usually happens quickly but could take up to 48 hours in some cases.
3. Connect to your server console or via SSH. Use the root login from the Server Information screen.

4. Install the SSL certificate with certbot. Replace the domain name and email with your values. Notice there are two domain names listed:

   • example.com is the domain root. This is sometimes called the apex domain or the bare domain.
   • www.example.com is the fully-qualified domain name (FQDN).

It's common for websites to respond to both the FQDN and the domain root. For example, the command below creates a multi-domain certificate for both.

    # certbot --nginx --redirect -d www.example.com -d example.com -m admin@example.com --agree-tos --no-eff-email

Certbot should report success when finished.

If you skip this step now and install HTTPS later, you may need one of the popular WordPress plugins to force all content to HTTPS, which fixes any unencrypted links WordPress stored previously.

Certbot is installed by default on Vultr's One-Click WordPress. If you need to update or reinstall, please see the recommended installation steps at eff.org.

2. Log in to WordPress Admin Area

Log in to the admin area:

https://www.example.com/wp-admin/

Substitute your domain, or use the IP address if you didn't register a domain name. If you do not install an SSL certificate, you'll receive a privacy warning for the server's self-signed certificate. It is safe to proceed. See our instructions to bypass the HTTPS warning for self-signed SSL/TLS certificates.

It's also possible, but insecure, to complete this step using the HTTP URL:

http://192.0.2.123/wp-admin/

Enter the security user credentials in the Sign in pop-up. This extra security protects your server while you install WordPress. After your installation is complete, you can disable this pop-up by following these directions.

3. Run the WordPress Wizard

Select your language and click Continue.

Enter your site title, username, and email address. Make a note of the suggested password, or enter your preferred password. Click Install WordPress.

Wait for WordPress to finish the installation, then log in to your WordPress dashboard.

4. Set the Domain Name

Set your domain name in the WordPress dashboard.

• Navigate to Settings > General.
• Edit the WordPress Address (URL) and Site Address (URL) to match your domain name.
• Click the Save Changes button.

WordPress stores complete URLs in the database. If you create content before changing the site URL, some pages may have incorrect links. If you have this problem, make a backup, then consider using a database search-and-replace plugin.

More Information

SMTP Mailer

Reliable mail delivery is a common issue with WordPress sites. The One-Click WordPress server has the SMTP Mailer plugin preinstalled, which authenticates with your SMTP server to send mail. You can activate the plugin in your dashboard under Plugins > Installed Plugins.

Once activated, look for the settings link under the plugin name. Configure the plugin to enable outbound email.

Wordfence Security

Wordfence is an endpoint firewall and malware scanner to protect WordPress. We recommend activating the preinstalled Wordfence plugin for additional security logging and scanning.

Cockpit Control Panel

Access your Cockpit control panel at port 9080. For example:

https://www.example.com:9080

You'll find the username and password on your Server Information page. If you use the Vultr Firewall, make sure to allow access to port 9080.

Cockpit Let's Encrypt SSL certificate

Configure Cockpit for SSL with these steps.

1. Edit /etc/nginx/conf.d/cockpit.conf

   # nano /etc/nginx/conf.d/cockpit.conf
   

2. Look for this line.

   server_name _;
   

3. Replace the underscore with your server's domain name. The top of the file should now look like this.

   server {
           listen 9080 ssl;
           server_name www.example.com;
   

4. Save and exit the file.

5. Edit /etc/cockpit/cockpit.conf

   # nano /etc/cockpit/cockpit.conf
   

6. Replace both instances of the server's IP address with the server's domain name.

   [WebService]
   Origins = https://www.example.com:9080 wss://www.example.com:9080
   ProtocolHeader = X-Forwarded-Proto
   

7. Save and exit the file.

8. Run certbot, following the instructions in the article Install Let's Encrypt SSL on One-Click WordPress App. For example:

   # certbot --nginx --redirect -d www.example.com -d example.com -m admin@example.com
   

Certbot will detect the files you updated and automatically install the certificate for Cockpit.

Disable Cockpit

If you need to disable Cockpit, SSH to the server as root and run the following command:

# systemctl disable --now cockpit.socket

Maldet Security Scan

By default, Maldet is disabled. However, activating Maldet is highly recommended to remove malware from your WordPress site. SSH to the server as root to enable or disable this feature.

Enable Maldet

# systemctl enable --now maldet

Disable Maldet

# systemctl disable --now maldet

PHPMyAdmin Database Manager

Access your PHPMyAdmin installation at https://www.example.com/mysqladmin/. You'll find the username and password on your Server Information page.

SQL Database Access

WordPress uses the MySQL database server. For direct access, SSH to the server as root.

Connect to MySQL

# mysql -u root

The MySQL root password is located in /root/.my.cnf.

XHProf Performance Analysis

Access your XHProf installation at https://www.example.com/xhprof/xhprof_html/. You'll find the username and password on your Server Information page.

Vultr Helper Scripts

Vultr provides helper scripts for common issues. SSH to the server as root to run these scripts.

Reset WordPress Password

If you need to reset your WordPress admin password, the reset-wp-pass.sh script generates a new strong password and updates WordPress for you.

# /opt/vultr/reset-wp-pass.sh
The new password for the account 'AmazingAdmin' is: [redacted password]

Reset Nginx

If Nginx fails to load, you may have a typo or corruption in your configuration files. The fix-vhost.sh script will reset the Nginx configuration to default.

# /opt/vultr/fix-vhost.sh
All vhosts have been restored to their default state!

Check Software Versions

For debugging purposes, our support team may ask for your WordPress and Ubuntu versions. Run the version.sh script.

# /opt/vultr/version.sh
OS: '18.04.4 LTS (Bionic Beaver)'
WordPress: '5.3.2'

Commercial SSL

You can use a Commercial SSL certificate instead of the free Let's Encrypt certificate.

How to install a commercial SSL certificate

1. Obtain a certificate from a certificate authority for your domain.
2. Replace the server.crt and server.key files in /etc/nginx/ssl/ with the commercial certificate. Refer to your certificate vendor's documentation for details.

3. Reboot the server.

   # reboot
   

Certbot considerations

Certbot makes changes to the Nginx configuration. If you used certbot to obtain a Let's Encrypt certificate, return the Nginx configuration files to default before proceeding.

1. Back up your existing Nginx configuration files

   # cp -r /etc/nginx/ /root/nginx
   

2. Revoke your certbot certificate.

   # certbot delete
   

3. Restore the default Nginx configuration.

   # /opt/vultr/fix-vhost.sh
   

How to Disable HTTPS

Disabling HTTPS security is possible but not recommended.

1. SSH to the server as root.

2. Move wordpress_https.conf out of the Nginx configuration folder and reboot the server.

   # mv /etc/nginx/conf.d/wordpress_https.conf /root/
   # reboot
   

Files and Folders of Interest

• phi.ini: /etc/php/7.4/fpm/php.ini
• MySQL logs: /var/log/mysqld*.log
• Vhost conf: /etc/nginx/conf.d/
• Vhost SSL: /etc/nginx/ssl
• WP code: /var/www/html/
• WP uploads: /var/www/html/wp-content/uploads
• wp-cli: /usr/local/bin/wp

Remove wp-admin Security

This script has been removed and is no longer needed for One-Click WordPress deployments after June 2021.

One-Click WordPress has an extra security prompt for the /wp-admin/ page. To remove this feature, run the remove-htaccess.sh script.

# /opt/vultr/remove-htaccess.sh
All basic authentication has been removed!

You will no longer see the extra security pop-up when logging into the WordPress dashboard after running this script.

About One-Click Apps

One-Click apps are updated regularly without notice. When launching a One-Click app, you'll receive our latest version. We do not update deployed instances, and you are responsible for keeping the instance up-to-date. If you design an infrastructure based on One-Click apps and need to ensure the same app version in the future, take a snapshot of the initial deployment and create new instances from the snapshot.