How to install WordPress on Ubuntu with Apache and MariaDB

Installing WordPress manually on Ubuntu is the clean path when the server needs a dedicated virtual host, predictable filesystem ownership, and full control over updates. A tarball-based install also keeps the deployment close to the current upstream layout instead of depending on a distro-repackaged WordPress tree.

On Ubuntu, Apache serves the site, PHP runs the application inside the web server process through mod_php, and MariaDB stores posts, users, settings, and plugin data. The wp-config.php file joins those components together, while the virtual host and rewrite settings determine how clean URLs and the installer page are exposed.

Examples target current Ubuntu releases with Apache 2.4 and MariaDB, using a dedicated document root under /var/www// rather than dropping files into the default host. //WordPress// currently recommends //PHP 8.3// or newer, //MariaDB 10.6// or newer or //MySQL 8.0// or newer, and HTTPS support, so a real domain or local host mapping is the safest starting point before opening the site to production traffic. <WRAP info>Related: [[.:redirect-http-to-https]] \\ Related: [[.:disable-xmlrpc]]</WRAP> ===== Steps to install WordPress on Ubuntu with Apache and MariaDB: ===== - Update the package index and install //Apache//, //MariaDB//, //PHP//, and the common //WordPress// extensions. <code>$ sudo apt update $ sudo apt install -y apache2 mariadb-server php libapache2-mod-php php-mysql php-xml php-curl php-zip php-gd php-intl php-mbstring unzip curl rsync</code> - Enable and start the //Apache// and //MariaDB// services. <code>$ sudo systemctl enable --now apache2 mariadb $ systemctl is-active apache2 mariadb active active</code> - Open the local //MariaDB// shell and create a dedicated database and database user for //WordPress//. <code>$ sudo mariadb MariaDB [(none)]> CREATE DATABASE wordpress CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; MariaDB [(none)]> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'strong_password_here'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost'; MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> EXIT;</code> <WRAP info>//Ubuntu// commonly authenticates the local //MariaDB// root account through the Unix socket, so sudo mariadb%% is usually the correct entry point.</WRAP>

1. Create a dedicated document root for the WordPress virtual host.

   $ sudo mkdir -p /var/www/example.com/public_html

2. Download the current WordPress tarball to a temporary working directory and extract it.

   $ cd /tmp
   $ curl -LO https://wordpress.org/latest.tar.gz
   $ tar -xzf latest.tar.gz

3. Copy the extracted WordPress files into the site document root.

   $ sudo rsync -a /tmp/wordpress/ /var/www/example.com/public_html/

   The trailing slashes keep the contents of the extracted wordpress directory in the document root instead of nesting another wordpress directory under it.

4. Create wp-config.php from the sample file and add the database connection values.

   $ sudo cp /var/www/example.com/public_html/wp-config-sample.php /var/www/example.com/public_html/wp-config.php
   $ sudo vi /var/www/example.com/public_html/wp-config.php

   define( 'DB_NAME', 'wordpress' );
   define( 'DB_USER', 'wordpress' );
   define( 'DB_PASSWORD', 'strong_password_here' );
   define( 'DB_HOST', 'localhost' );

   Keep DB_HOST as localhost when MariaDB runs on the same host over the local socket or loopback interface.

5. Replace the default authentication keys and salts in wp-config.php with fresh values from the official WordPress API.

   $ curl -s https://api.wordpress.org/secret-key/1.1/salt/

   Paste the returned define(… ) lines over the placeholder salt section in wp-config.php before saving the file.

6. Set ownership and permissions so Apache can read the site files without leaving the whole tree world-writable.

   $ sudo chown -R www-data:www-data /var/www/example.com/public_html
   $ sudo find /var/www/example.com/public_html -type d -exec chmod 755 {} \\;
   $ sudo find /var/www/example.com/public_html -type f -exec chmod 644 {} \\;
   $ sudo chmod 640 /var/www/example.com/public_html/wp-config.php

7. Create an Apache virtual host for the site.

   $ sudo vi /etc/apache2/sites-available/example.com.conf

   <VirtualHost *:80>
       ServerName example.com
       ServerAlias www.example.com
       DocumentRoot /var/www/example.com/public_html
   
       <Directory /var/www/example.com/public_html>
           AllowOverride All
           Require all granted
           DirectoryIndex index.php
       </Directory>
   
       ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
       CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
   </VirtualHost>

   Replace example.com and www.example.com// with the real hostname for the site before enabling the virtual host.</WRAP> - Enable the new site and mod_rewrite, disable the default site, and test the Apache configuration. <code>$ sudo a2enmod rewrite $ sudo a2ensite example.com.conf $ sudo a2dissite 000-default.conf $ sudo apache2ctl configtest Syntax OK</code>

   Pretty permalinks and many WordPress plugins rely on mod_rewrite, so enabling it during the initial build avoids a second pass later.

   Related: How to enable or disable Apache modules
   Related: How to test your Apache configuration

   - Reload Apache so the new virtual host becomes active. <code>$ sudo systemctl reload apache2</code>

   Related: How to manage the Apache web server service

   - Verify that the installer endpoint is reachable before completing the browser-based setup. <code>$ curl -I http://www.example.com/wp-admin/install.php HTTP/1.1 200 OK ##### snipped #####</code>

   If the server already has a working certificate and HTTPS virtual host, use the secure URL instead of HTTP for the installer page.

   - Open http://www.example.com/wp-admin/install.php// in a browser and finish the initial WordPress setup by creating the site title, administrator account, and password.

   After the browser installer finishes, continue with HTTPS, XML-RPC hardening, updates, and backups from the related pages.