Kembali ke Blog
BLOG

Deploying WordPress on Ubuntu 22.04 with Apache, MariaDB, and PHP 8.2

31 May 2026 Administrator
Header Hero

Deploying WordPress on Ubuntu 22.04 with Apache, MariaDB, and PHP 8.2



WordPress stands as the most widely used content management system (CMS) and blogging platform across the globe. Built primarily on the PHP programming language and backed by MySQL/MariaDB database engines, WordPress provides an incredibly intuitive dashboard that allows users to seamlessly deploy and oversee modern websites, personal blogs, or custom web applications without complex coding overhead.



Initial Infrastructure Prerequisites


Before launching into the implementation steps, ensure you have provisioned a Virtual Private Server (VPS) equipped with full root administrative access. This guide centers around an Ubuntu 22.04 LTS environment; however, the steps remain highly compatible if you are executing them on legacy distributions like Ubuntu 20.04 or 18.04. Additionally, verify that you have configured your domain's DNS settings to map your public server IP address to your target web domain.




Alternative Setup Guide: How to Install WordPress on Ubuntu 24.04 Utilizing Nginx, MariaDB, and PHP 8.3 (LEMP Stack).


High-Level Implementation Outline


The provisioning sequence for this self-hosted application architecture involves the following tasks:



  1. Updating internal server repository indexes and adjusting regional time localization settings.

  2. Deploying and configuration testing the Apache HTTP web server.

  3. Installing the MariaDB transactional database management system.

  4. Adding custom repositories to compile the PHP 8.2 runtime engine and foundational extension libraries.

  5. Fetching, unpacking, and assigning permissions to the canonical WordPress core source distribution.

  6. Structuring isolated application databases, users, and relational privilege controls.

  7. Engineering a secure, hardened Apache Virtual Host configuration file.

  8. Enforcing system-wide transport encryption layers utilizing Let's Encrypt SSL automation.





Step 1: Refreshing Core System Repositories


As a foundational security measure, execute a system-wide update to pull down the newest package indexes and patch existing operational dependencies:



sudo apt update && sudo apt upgrade -y


Configuring System Time Localization


Aligning your server's operational clock with your physical geographic area is critical for accurately tracking internal system log files, managing cron scheduling sequences, and monitoring background transactions. In this step, choose your appropriate timezone (e.g., Asia/Jakarta for West Indonesian Time):



sudo dpkg-reconfigure tzdata




Step 2: Installing and Launching the Apache Web Server


With system dependencies updated, install the Apache web server package alongside its standard helper utilities:



sudo apt install -y apache2 apache2-utils


Initialize the main server process daemon and instruct the host system to run the web server automatically across subsequent hardware reboot sequences:



sudo systemctl start apache2

sudo systemctl enable apache2


Validate the installation by pointing a web browser to your VPS public network address. The default Apache Ubuntu splash verification block should load on your screen.





If the network query hangs, it indicates that local host firewall matrices are blockading external web queries. Resolve this constraint by opening incoming ports 80 and 443 within the Netfilter engine iptables rules:



sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT


Refresh your web browser connection to ensure that the server infrastructure successfully responds to public requests.





Step 3: Provisioning the MariaDB Database Engine


A relational backend engine is required to organize your content tables. Deploy the MariaDB client and database cluster utilities using the following execution block:



sudo apt install -y mariadb-server mariadb-client


Once compiled, spin up the active database service, register it to launch on system boot, and monitor its active daemon states to guarantee operational stability:



sudo service mariadb start

sudo systemctl enable mariadb

sudo service mariadb status


Verify that your console screen returns a stable and active operational message status.







Step 4: Compiling the PHP 8.2 Execution Runtime Environment


WordPress requires a modern version of the PHP interpreter. To ensure optimal stability and features, deploy PHP 8.2 alongside the specific processing extensions required by the application.



First, fetch the cryptographic security distribution structures and download properties required for managing advanced software repositories:



sudo apt update

sudo apt install -y lsb-release gnupg2 ca-certificates apt-transport-https software-properties-common


Inject the specialized, validated Ondrej PHP APT storage archive tracking list into your server deployment layout:



sudo add-apt-repository ppa:ondrej/php

sudo apt update


Deploy the main PHP 8.2 interpreter binary along with the standard mod_php processor link and application dependencies:



sudo apt install -y php8.2 libapache2-mod-php8.2 php8.2-bcmath php8.2-xml php8.2-mysql php8.2-zip php8.2-intl php8.2-ldap php8.2-gd php8.2-cli php8.2-bz2 php8.2-curl php8.2-mbstring php8.2-imagick php8.2-tokenizer php8.2-opcache php8.2-redis




Step 5: Extracting the Official WordPress Core Archive


Instead of relying on automated package scripts, we will install the application directly from its official distribution source files to maintain complete code transparency.



Pull down the latest stable compressed archive directly into your server environment workspace:



sudo apt install wget

cd ~

wget http://wordpress.org/latest.tar.gz


Unpack the downloaded tarball structure using the extraction command:



sudo tar -xzvf latest.tar.gz


Migrate the uncompressed folder data over to the primary Apache web document root directory location:



sudo mv wordpress /var/www/wordpress


Duplicate the baseline configuration template file to generate an active wp-config.php file. This file will map out your environment variables and database handles:



sudo cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php


Enforce strict operational security permissions, giving file owner management to the default web proxy system account (www-data):



sudo chown -R www-data:www-data /var/www/wordpress/

sudo chmod -R 755 /var/www/wordpress/




Step 6: Constructing the Application Database Architecture


Access the MariaDB command-line terminal workspace to set up isolated data pipelines. Execute the initialization statements using administrative root access privileges:



sudo mariadb


Construct a dedicated database container to house the platform tables:



CREATE DATABASE wordpress_db;


Provision an isolated, non-root system user account and map it to a highly secure custom access password passphrase:



CREATE USER wordpressuser@localhost IDENTIFIED BY 'your-password';


Assign full administrative access permissions on the newly created database tables exclusively to this system account profile:



GRANT ALL PRIVILEGES ON wordpress_db.* TO wordpressuser@localhost IDENTIFIED BY 'your-password';


Apply these access modifications immediately across the engine tracking layers and exit the data shell:



FLUSH PRIVILEGES;

exit;


Your database configuration steps should reflect the standard privilege sequence shown below.







Step 7: Engineering the Apache Virtual Host Configuration Block


An Apache Virtual Host configuration handles public traffic requests, targets directory structural roots, and isolates execution scripts for a specific domain.



Generate a clean configuration document inside the Apache virtual configuration repository using a text editor:



sudo nano /etc/apache2/sites-available/wordpress.conf


Inject the following hardened server rules into the document, making sure to replace domain.com with your actual target production domain name:



<VirtualHost *:80>

    ServerName domain.com

    ServerAlias www.domain.com

    DocumentRoot /var/www/wordpress



    # Disabling directory listing

    <Directory "/var/www/wordpress">

        Options -Indexes

        AllowOverride All

    </Directory>



    # Secure the wp-content/uploads directory

    <Directory "/var/www/wordpress/wp-content/uploads">

        Options -Indexes

        AllowOverride None

        <FilesMatch "\.(php|phtml|php3|php4|php5|php7)$">

            Deny from all

        </FilesMatch>

    </Directory>



    # Security headers

    <IfModule mod_headers.c>

        Header set X-Content-Type-Options "nosniff"

        Header set X-XSS-Protection "1; mode=block"

        Header always set X-Frame-Options "SAMEORIGIN"

        Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS

    </IfModule>



    # Protect sensitive files

    <FilesMatch "^\.">

        Require all denied

    </FilesMatch>

    <Files wp-config.php>

        Require all denied

    </Files>



    # Log files

    ErrorLog ${APACHE_LOG_DIR}/wordpress.error.log

    CustomLog ${APACHE_LOG_DIR}/wordpress.access.log combined

</VirtualHost>


After saving the edits, verify that your text file parameters do not contain syntax configuration anomalies:



sudo apache2ctl configtest


Ensure the terminal checks return a Syntax OK response string before enabling the newly crafted site configuration block:



sudo a2ensite wordpress.conf


Reload the main Apache service to apply the configuration adjustments immediately:



sudo systemctl reload apache2




Step 8: Handling Domain DNS Mapping


To access your site using a custom domain name instead of a bare server IP address, configure your network zone files within your domain provider's dashboard. If you utilize Cloudflare for proxy edge services, create a standard DNS A Record mapping your root and www host variables back to your physical server IP address.





Note that DNS record adjustments can take several minutes to distribute across world caching nodes depending on specified TTL parameters. Utilizing global proxy routing layers typically shortens this validation delay to 1 or 2 minutes.





Step 9: Enforcing Production Let's Encrypt SSL Transport Encryption


To convert the environment into a secure production environment, generate automated TLS validation certificates via Let's Encrypt. Install the Certbot configuration engine alongside the native Apache integration libraries:



sudo apt install -y certbot python3-certbot-apache


Execute the automated validation script to obtain your security keys, configure active rewrite rules, and manage public HTTPS structural redirects automatically. Be sure to swap out the placeholder emails and domains with your live parameters:



sudo certbot --apache --agree-tos --redirect --email admin@yourdomain.com -d domain.com,www.domain.com


Once Certbot concludes its parameter modifications, your installation path will route entirely over secure HTTPS layers. Open your target domain in any web browser to complete the standard graphical database binding wizard screens safely.

DAFTAR ARTIKEL LAINNYA