In this guide I’ll cover what I feel is the best current option for installing WordPress on a DigitalOcean VPS.
DigitalOcean has been my preferred web hosting platform for a few years. I’ve set up a handful of servers there, but never really took the time to document any part of that process.
So when a new project rudely elbowed its way to the top of my TODO list, I decided to make more careful notes and share them.
First, if you don’t have one already, sign up for a new DigitalOcean account. As a bonus for signing up through my DigitalOcean link, you’ll get a free $100 credit for the next 60 days to test out the service, and you’ll help support this site.
That involves selecting a template from the DO Marketplace.
The OpenLiteSpeed WordPress template will install everything that you need to rapidly deploy your WordPress site, notably:
WordPress 5.3 – Of course, the most important component, the most recent release of WordPress. Best of all, this template is maintained by LiteSpeed. You may see slightly newer versions during your own install. All of this is deployed via DO’s scripted processes on to Ubuntu 18.04 LTS. The Long Term Support release means that the server will receive security patches for a few extra years.
Now that we’ve chosen the template, let’s dive into the details.
WordPress sites tend to be relatively light on resources. Unless you’re planning to migrate a high-traffic site to DO, a small server will be likely be enough. In fact it’s possible to run multiple separate WordPress sites on a single small VPS.
I chose a basic $5/mo 1GB RAM plan, and I can scale up the server stats in the backend as needed.
I also chose to enable DigitalOcean’s automated weekly backups (at the bottom of the page). Nice to have in the event of catastrophe. For daily backup options, there are a number of WordPress plugins from which to choose.
During the droplet creation you can configure login authentication into the server. If you already have an SSH generated, upload the public key to DO and you’ll be granted login capability immediately. Otherwise, you can always get a plain ol’ password emailed to you.
DigitalOcean provides datacenters worldwide.
For the best performance, you’ll typically want to choose a region closest to where you live.
Once you click the create button at the bottom of the screen DigitalOcean will provision the server in the background. It will let you know when it’s ready to go.
You’ll need to point a domain name to your new server’s IP address next.
On your project’s home page, you should see your newly-provisioned Droplet. Click the ellipsis
... symbol on the far right of the row to reveal a dropdown, then choose Add a domain.
Click the domain’s name to edit the DNS records. You should see an A record and a few NS (nameserver) records.
Remember that you must also configure your domain itself to point to DigitalOcean. Every domain registrar (DreamHost, Name.com, GoDaddy, etc.) all have different user interfaces. Generally you’ll do this in your domain registrar’s UI by changing the nameservers to
On the next page, type in your domain name next to your chosen server and click create, and you should see it populate in the list.
Note: by default DigitalOcean does not send www subdomain traffic to your server! If you want your domain to start with www, you’ll need to add a new A record with a hostname of “www” manually.
Don’t worry if you’re unable to immediately reach the server by typing the domain name into your browser.
Legend has it that DNS changes can take anywhere from a few minutes to a couple hours — days? — to propagate worldwide.
While we wait for our changes to spider their way through the netiverse, we can move on to finish up the server config.
Once your server is available for use, log into via a terminal SSH session to the public IP address. If you don’t already know it, you can find it in DigitalOcean’s web UI.
184.108.40.206 with your server’s IP.
$ ssh firstname.lastname@example.org
On first login, you’ll be presented with a similar message from the OpenLiteSpeed template’s install wizard.
Welcome to One-Click OpenLiteSpeed WordPress Server. To keep this server secure, the UFW firewall is enabled. All ports are BLOCKED except 22 (SSH), 80 (HTTP) and 443 (HTTPS). # Many lines omitted...
The message text will go on to tell you where to find important things, like the addresses to visit your WordPress install, where to see the included phpMyAdmin install, and how to view your (auto-generated) database credentials.
You’ll be prompted to enter the domain name that you set up previously. Both your web server and WordPress instance will be configured with this domain name.
In your waning minutes with the template install wizard (enjoy it while it lasts!) your final prompts will be for an email address to provision and configure a Let’s Encrypt security certificate for your website. During my configuration, I chose to force visitors to use HTTPS.
Enter ‘y’ to finish up with a full server update. Y not?
You’d be crazy to use the
root account for everything you do on the server — depending on your security preferences, you may even choose to disable SSH root authentication entirely.
Instead we’ll need a regular user account that we can use for day-to-day maintenance. I named my user
$ adduser deploy $ adduser deploy sudo
Enter a password and then continue with the prompts. You can safely leave all other user attributes blank.
Unfortunately you won’t be able to log in yet with the
deploy user. You’ll first need to enable password authentication for SSH connections.
$ nano /etc/ssh/sshd_config
PasswordAuthentication line and make sure it is set to yes.
For the changes to take effect, you’ll need to restart the SSH daemon.
$ service sshd restart
Save and close the file, then type
exit to log out of your server.
Next from your local development terminal, you’ll want to copy your SSH key up to the server for the
deploy user (and also
root if you authenticated with a password).
$ ssh-copy-id email@example.com
If everything worked right, you ought to now be able to log in with SSH authentication into the
$ ssh firstname.lastname@example.org
Once you’re in, go back into the SSH config file and disable password authentication.
$ nano /etc/ssh/sshd_config
You may now also choose to disable root authentication by changing
PermitRootLogin from yes to no. Other security settings are outside the scope of this guide.
$ service sshd restart
Beautiful! Almost done.
Hooray! Now you ought to be able to visit your server at
http://220.127.116.11 (or your chosen domain name) and begin the WordPress 5-minute install.
Create your WordPress user account credentials, log in, and you’re in business!
But, my friend, this is not the end of your DigitalOcean VPS journey. It is only the beginning.
You’ll next want to review a few links for security guides and practices for maintaining the server.
This link is a good summary of those options: https://www.digitalocean.com/community/questions/best-practices-for-hardening-new-sever-in-2017
The good news is that the most important parts (configuring a non-root user, enabling a firewall, etc.) were already either covered in this guide or handled during the initial template install.
Happy WordPressing and good luck!
Sign up for our newsletter to stay updated.
Curated WordPress Resources