How to Set Up WordPress on a VPS Without Breaking Everything (Probably)

So you want to run WordPress on your own VPS. Good for you! It's cheaper than managed hosting, you'll learn stuff, and when things break at 2 AM, you'll have stories to tell. This guide walks through the actual process—not the sanitized tutorial version, but the one where you hit real problems and figure out what actually works.

We're talking fresh server to working website, with a domain that doesn't make browsers angry and an SSL certificate that proves you're legit.

Why Bother With a VPS Anyway?

Here's the thing: I have this food site. Nothing fancy, just recipes. My other site uses Hugo (which is basically websites for people who like typing in plain text), but the food site needs WordPress because, well, that's what normal people use.

My old VPS subscription was up, and I did what anyone would do—I found a better deal. Better specs, lower price, the whole thing. Moving to a new server meant starting from scratch, which is actually kind of fun if you're into that sort of masochism.

Starting From Zero: Don't Skip The Boring Security Stuff

Most VPS providers toss you a fresh Linux install. Mine came with AlmaLinux 8. I usually go with Ubuntu, but I figured why not try something different? Turns out AlmaLinux is pretty solid. Smooth install, does what it says on the tin.

Before you start installing WordPress and a dozen plugins you'll never use, do the responsible adult thing and secure your server. Future you will thank present you.

Update Everything First

First thing after logging in? Update the system. This gets you the latest security patches and fixes all the bugs that other people found the hard way.

Don't Use Root For Everything

Look, I get it. Root access is convenient. You can do anything! But that's exactly the problem. One typo and you've deleted something important. Make a regular user account with sudo privileges instead. Your blood pressure will thank you.

Set Up Your Firewall

AlmaLinux uses firewalld to keep the bad guys out. By default it's pretty locked down, which is good. You'll need to open ports for the stuff you actually want to run—like your website—but everything else stays closed.

Building Your Website Engine: The LAMP Stack

LAMP stands for Linux, Apache, MariaDB, and PHP. These four things work together to make WordPress actually work:

• Linux is your operating system (you've got that already)

• Apache serves your website files when people visit

• MariaDB stores all your WordPress data in a database

• PHP is what WordPress is written in

Install these and you've got a working web server. Not a working website yet, but we're getting there.

Getting Everything Installed

Use dnf (AlmaLinux's package manager) to install the core components. The commands are straightforward—tell the server what you want, wait for it to download and install, then enable the services so they start automatically.

Make Your Database Actually Secure

MariaDB ships in "please hack me" mode by default. They include a script specifically to fix this. Run it. Set a root password. Remove the test database. The script literally walks you through it.

Give WordPress Its Own Database

WordPress needs its own database and a user account that can access it. Log into MariaDB, create a database with whatever name makes sense, create a user, give that user all the permissions they need for that database, and you're done.

Telling Apache Where Your Website Lives

Apache needs to know where your website files are and which domain they're for. You do this with a Virtual Host configuration file. Think of it as a map that says "when someone visits yoursite.com, serve them files from this specific folder."

Create a file called yoursite.com.conf in /etc/httpd/conf.d/. Inside, you'll specify your domain name, where the files live (DocumentRoot), and where to log errors.

One critical detail: the <Directory> block needs AllowOverride All. Without this, WordPress can't use .htaccess files, which means your permalinks won't work. You'll figure this out when every page except the homepage returns a 404.

Actually Installing WordPress

Now for the fun part—getting WordPress onto your server and making it talk to your database.

Download and Extract

Grab the latest WordPress from their site. Download it to a temp directory, unzip it, and move the files to your site's public folder. Standard stuff.

Fix The Permissions

This is where a lot of people mess up. The web server runs as the apache user, so that user needs to own the WordPress files. If the permissions are wrong, WordPress can't update itself or install plugins. Set the owner to apache:apache and you're good.

Connect WordPress to Your Database

Copy the sample config file to wp-config.php and edit it. Fill in your database name, username, and password—the same ones you created earlier. This tells WordPress where its data lives.

Run The WordPress Installer

Here's a neat trick for testing: edit your computer's hosts file to point your domain to your VPS's IP address. This lets you visit the site without changing your actual DNS records yet.

On Windows, the hosts file is at C:\Windows\System32\drivers\etc\hosts. Add a line with your VPS IP and domain name. Save it. Now when you visit yoursite.com in your browser, your computer will connect directly to your VPS.

The WordPress installer should appear. Pick your language, name your site, create an admin account. Done. You've got WordPress running.

When Permalinks Break (They Will)

So everything's working except your permalinks. Homepage loads fine, but every other page is a 404. This usually means mod_rewrite isn't enabled.

Check if the module is loaded:

sudo apachectl -M

Look for rewrite_module (shared) in the output. If it's there, the module's fine. The problem is probably in your Virtual Host config.

👉 Need reliable VPS performance that doesn't make you troubleshoot at 3 AM? Check out hosting built for WordPress

In my case, I had a typo in the directory path. Changed one character, restarted Apache, everything worked. Sometimes it's the small things.

Pointing Your Domain to Your New Server

Once the site works on the server, it's time to update your DNS. If you're using Cloudflare (and you probably should be), this is easy.

Log into Cloudflare, go to the DNS settings, and update your A records to point to your VPS's IP address. Both the root domain (@) and the www subdomain.

Important: Turn off Cloudflare's proxy (the orange cloud) for now. Click it until it turns gray. This makes traffic go directly to your server, which you need for the next step.

Getting Your SSL Certificate (The Secure Lock Icon Thing)

Nobody trusts a site without HTTPS anymore. Browsers literally warn people before they visit. You need an SSL certificate.

Use Certbot with Let's Encrypt. It's free and it automates everything. Install Certbot, run the setup, answer a few questions, and it handles the rest. It even auto-renews your certificate so you don't have to remember to do it every 90 days.

Fixing The Inevitable Redirect Loop

Here's what happens: you get excited about having SSL and change your WordPress URLs from http:// to https:// before everything's configured properly. Now your site redirects in circles and nothing loads.

The fix is to change the URLs back to http:// in the database, make sure everything's working, then change them to https:// in the WordPress dashboard. Do it in the right order and you're fine.

Once that's sorted, go back to Cloudflare and turn the proxy back on. Your site is now fast, secure, and actually works.

You Made It

So there you have it—from blank server to functional WordPress site. You've got a LAMP stack, a configured database, working permalinks, a domain that actually points to your server, and an SSL certificate that makes browsers happy.

Sure, you hit some bumps along the way. Maybe a typo in a config file. Maybe a redirect loop. Maybe you forgot to open a firewall port and spent 20 minutes wondering why nothing worked. But now you know how all the pieces fit together.

👉 Want a VPS that gives you room to experiment without breaking the bank? Find out why RackNerd works for projects like this

The best part? When something breaks (and something will eventually break), you'll actually know where to look. You built this thing. You understand how it works. And that's worth way more than any managed hosting dashboard.