Install WordPress

WordPress is one of the most popular blogging platforms. It is a free, open-source software package developed in PHP by the WordPress Foundation. Over the years, so many plugins and add-ons have been developed for WordPress that it has become somewhat more of a content management system (CMS) than just a blogging platform. This article covers installing WordPress to a UNPM server.

WordPress can be installed to a website's root directory or to a sub-directory, referred to as  in this article. Installing to a subdirectory allows for using subdomains such as  http://blog.example.com  and for having a non-WordPress landing page for the website.

Nginx configuration
The nginx configuration will require a package-configs directory, package-configs files for the HTTP and HTTPS server blocks and making associated entries to the sites-available file.

Create package-configs files
Create the  files   and  :

Add the following:

The  directive setting will allow for 'pretty' URLs to work in WordPress.

The  file is necessary for WordPress to function properly, but it is not required that the file be publicly accessible. The  should be the server's IP address. Note that WordPress will use an IPv6 address when one is assigned to the server. Check the  file to determine if one is assigned to the server. Also check the error logs to determine if  or any other php file is being blocked when using and logging into WordPress.

Now create the corresponding https version:

Add the following:

To install WordPress to the root directory of a site, simply remove  from the configuration.

These conf files are based on WordPress 3.7.1. The configuration passes only the specific php files necessary to PHP-FPM for WordPress to function. If a page fails to load correctly, please post the issue to the forums to determine if a PHP file was missed.

Edit sites-available file
Open the sites-available file for the domain:

In the HTTP server block, add:

In the HTTPS server block, add:

Test and Restart nginx
Test and restart nginx.

Create WordPress database and database user
Create a WordPress database and database user:

Note that the,   and   will be required for the WordPress configuration process.

Install WordPress to root directory
Download and extract the latest version of WordPress to the root directory.

Install WordPress to subdirectory
Download and extract the latest version of WordPress to the subdirectory.

Navigate to secure  https://www.example.com/wp-admin/install.php  or  https://www.example.com/blog/wp-admin/install.php  depending on the configuration and follow the WordPress installation setup.

Securing WordPress
Edit :

Note that if WordPress is installed to the root directory,  would be used.

Above the line that reads, add:

forces the dashboard to always load through an encrypted session.

prevents editing of PHP files from within WordPress, a potential security threat.

Pretty URLs
Log in to the WordPress dashboard.

Navigate to Settings->Permalinks and select the radio button 'Custom Structure'. There are many different configuration options, though probably the most popularly used is /%year%/%monthnum%/%day%/%postname%/.

WordPress caching
Caching will allow WordPress to perform considerably faster while reducing server load.

Install APC Object Cache Backend
Download the plugin, decompress it, and install it to the  directory:

Note that if WordPress is installed to the root directory,  would be used in the third step, and the same applies when installing Batcache.

Install Batcache
Download the plugin, decompress it, and install it to the  directory and edit  :

Enable caching in
Edit :

Above the line that reads, add:

Verify caching works
Navigate to a blog page in a browser session that is not logged into WordPress and refresh the page several times. In the page source should be a message similar to:

WYSIWYG editor blank
Occasionally, installs of WordPress will result in a WYSIWYG editor that appears to not function, though it is actually functioning with white letters on a white background, and the buttons above the editor will not be present. If this happens, add  above   in the   file.

Plugins
It is generally beyond the scope of this article to discuss plugins, though there are a few useful plugins which are generally desired by many users.

Security
The most common vectors for attack against WordPress come from old plugins. The WordPress.org plugin pages even warn users when a plugin has not been updated for over 2 years.

Another common vector is to brute force WordPress login sites. Installing a plugin such as Limit Login Attempts can reduce the success rate of such attacks, and is particularly useful on sites with many users.

Akismet
Akismet is an anti-spam tool that is invaluable for sites that allow comments. It does require a WordPress.com user account to use and will report some site statistics back to WordPress.com.

Minileven
Minileven is a mobile theme developed for WordPress.com and made available to individual WordPress installations through the Jetpack plugin by WordPress.com. To use this plugin, the server must integrate WordPress.com and will report back various statistics to them. For those not desiring to connect their servers to WordPress.com, it is still possible to install the theme. Install and enable the Jetpack plugin, then through the plugin Activate the Mobile Theme (Minileven), then disable the plugin. Add the Minileven theme to WordPress:

Even though the plugin is disabled, WordPress will still notify through the dashboard of when the plugin has an update. After each update, copy the directory again to update Minleven, but note that the location of Minileven in the Jetpack plugin directory will change from time to time.

To accompany Minileven, install the Device Theme Switcher plugin to tell WordPress which theme to serve to which devices.

Analytics tools
Piwik is a powerful open source web analytics tool that can run on a server without using any outside services. Integrating Piwik into WordPress is easy with plugins such as WP Analytics Tracking, a very simple plugin to paste tracking code into a field which the plugin then adds to all WordPress pages.

Change default email sender
By default, WordPress will use the address of wordpress@example.com with the name WordPress to send emails from. This can be change through a number of methods, but perhaps the simplest is to add a statement to the  file used by themes. For this to work, the code will have to be added to every  for every theme used by the site, and added again after a theme is upgraded.

Paste at the bottom of the file: