Category archive: WordPress Setup


Install php7 + nginx + MariaDB + WordPress on Debian Jessie


Install nginx on Debian

I use the dotdeb repo as they compile nginx with useful addons like x-cache, pagespeed and others. They usually have the latest stable nginx build as well.

Make some changes to the nginx configuration

Add these values in the server block or adjust them if they are already there.

The client_max_body_size is the largest theme or plugin you’ll be able to upload (here 8 megabytes) so adjust that if necessary. It should match the upload_max_filesize in php.ini.

Ctrl+X, Y and Enter

Install PHP 7 on Debian

The dotdeb repository has precompiled php7 packages for Debian Jessie. php7.0-fpm is used for serving PHP pages for nginx.

Note that the benefits of opcache which speeds up your site significantly will be enabled by default with these packages.

Change your pm.max_children value for the php7.0-fpm

Adjust pm.max_children to 10 (make sure there is no leading ;). This may be higher than necessary; see the formula link below for more precise calculations.

Adjust pm.max_requests, uncomment it by deleting the ; before pm.max and change it from 500 to 200

Ctrl+X, Y and Enter

Note that for the php7.0-fpm www.conf configuration above, you may want to adjust it following this formula in the future.

Adjust some php.ini values

Change your timezone by removing the ; semicolon and adding your country/city (list here).

Use a larger maximum upload size because some plugins are larger than 2 megabytes.

Change max_execution_time so backup scripts and other possible slow scripts have enough time to finish

If you have a large menu like mine with tons of menu items, increase the max_input_vars.

Ctrl+X, Y and Enter to save

Install MariaDB Server on Debian

MariaDB is a drop-in replacement for MySQL with better performance. Luckily it’s in the Debian Jessie repo, so installing is easy.

Enter MariaDB (MySQL drop in)

Create the SQL WordPress user, database and grant privileges.

Note that this is not the WordPress user you use to log on but the credentials WordPress needs in wp-config.php to store posts and options in the database.

Tweak the MariaDB configuration

These values should be a good starting point for MariaDB with WordPress

If you are curious about any slow queries or queries not using indexes, enable these features by adding the configuration lines below.

Looking at these from time to time has helped me eliminate poorly coded WordPress plugins

These values will be adjusted in the future after you get some usage statistics and tweaking information from MySQLTuner

Ctrl+X, Y and Enter

Install WordPress

Create the site directory, this is the folder where your WordPress installation will be stored

Enter the site directory, grab the latest WordPress package and unpack it, then adjust the ownership so nginx can read it

Set up WordPress with MariaDB and nginx

Copy the sample wp-config.php file

Open the wp-config.php file to adjust the SQL database used

Adjust these settings so WordPress can connect to MariaDB. They are the values from when you created the SQL WordPress user.

Change ownership of the WordPress directory

Change permissions of the directories to the recommended 0755

Change permission of the wp-config.php file and other files to 0644

Create the WordPress nginx virtual host file

Paste this secure WordPress nginx configuration, if you want to only use domain.com or www.domain.com see this post.

Unlink the default site and symlink the WordPress site nginx virtual host

Restart nginx and php7.0-fpm

Now you can enter the IP address of your host into a browser and begin the 2 step process for installing WordPress on your VPS or dedicated server using nginx, MariaDB, php7-fpm.

Next see WordPress APCu Object Cache for PHP7

For additional speed use Redis object cache (guide here) to ease the load on the MySQL server.

For speeding up your site, consider using nginx’s fastcgi caching, personally I prefer using Varnish(guide) so that I can more precisely control the cache – warming up, specifically emptying cache for certain posts, categories etc and selectively purge static files.


Install and Configure Latest Redis Cache for WordPress


Redis-server is a caching system that speeds up WordPress using object cache. Benchmarks show ridiculous speed increases with the PECL Redis extension for PHP. I use Redis caching and Varnish caching for this site and have found it to be the best combination on my 512 MB Digital Ocean droplet for $5 a month.

This guide is for Ubuntu and Debian based systems (Wheezy 7, Jessie 8, Trusty 14.x and Vivid 15.x and later) but should work on CentOS, Fedora and others by making small adjustments to package managers and paths. It provides a secure Redis installation for WordPress in light of recent telnet exploits – no easy root access can be gained by hackers if you follow this configuration tutorial.

Note: If you are on Ubuntu 16.04 please follow my new Redis guide.

Install and Configure Latest Redis Cache for WordPress

Using Redis object cache with WordPress to speed up your site requires two components

  • Redis Server which stores the WordPress object cache
  • Redis PHP extension (phpredis or predis) for php to communicate with the redis-server for storing and retrieving cache

phpredis is the native C extension, so it is the fastest and the obvious choice. The instructions for compiling it from source follow the Redis server installation section.

If you prefer to use predis (a Redis extension written in PHP, read: slower) then you do not need to install phpredis, as the WordPress Redis cache plugin will default to predis.

Install Redis Server

This block of code installs the compilation tools, grabs the latest stable redis, builds and installs it. The latest version number can be found here

Create a non-privileged redis user for maximum security: one with no login, no valid shell, and a home directory limited to its PID folder

Ensure the redis user is there by checking the shadow file

If it isn’t there use the add user command again

Make some changes to the redis configuration

Set daemonize to yes for init.d and systemd services

Change bind to only listen on localhost: to prevent serious security issues

Set maxmemory to 50M so Redis doesn’t use more than 50 MB of RAM. Even with 40 plugins I have never seen Redis use more than 20-30 MB for WordPress object caching.

Change the policy to allkeys-lru which forces redis-server to delete old cache (least recently used objects) when the Redis server starts to run out of memory

Ctrl+X, Y and Enter to save

Create a folder for the pid file

Change permissions so the redis user owns it

Time to start Redis server on boot, only use the init.d script or the systemd script

If you are in doubt which to choose run this command, if it doesn’t say systemd use the init.d script

Redis Server Systemd Script

Create the redis-server systemd script

Paste the Redis server systemd script

Enable the redis-server systemd script

Start the redis-server systemd script

Redis-server init.d Script

Create the Redis server init.d script which may already exist

Paste the redis server init.d script unless it already exists

Make sure the redis-server init.d script is executable

Update the system to use Redis server init.d script

Start the Redis server service

Confirm Redis-server is Secure

These are a few checks to make sure Redis is running securely, first use netstat

Make sure it listening on

You can also make sure the redis process is running as the redis user we specified

If redis says root instead that would be bad, even though it’s listening on the loopback interface
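The checks above can also be run offline against the config file and saved command output. The script below is an added example, not part of the original guide: the function names are hypothetical, and it assumes `netstat -plnt` style listener lines and `ps -eo user,args` style process lines on stdin.

```shell
#!/bin/sh
# Added example: offline checks for the Redis settings this guide recommends.

# Value of the last uncommented occurrence of a directive in redis.conf.
redis_directive() {  # $1 = config file, $2 = directive name (lowercase)
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Runs in a subshell so set -f and the variables do not leak to the caller.
audit_redis_conf() (  # $1 = config file; exit status 1 when there are findings
    set -f  # keep a literal * in the bind list from being glob-expanded
    bad=0
    bind=$(redis_directive "$1" bind)
    [ -n "$bind" ] || { echo "FAIL bind is not set"; bad=1; }
    for addr in $bind; do
        case $addr in
            127.*|::1|-::1) ;;
            *) echo "FAIL bind includes non-loopback address $addr"; bad=1 ;;
        esac
    done
    [ "$(redis_directive "$1" daemonize)" = yes ] ||
        { echo "FAIL daemonize is not yes"; bad=1; }
    case $(redis_directive "$1" maxmemory) in
        ''|0) echo "FAIL maxmemory is not set"; bad=1 ;;
    esac
    [ "$(redis_directive "$1" maxmemory-policy)" = allkeys-lru ] ||
        { echo "FAIL maxmemory-policy is not allkeys-lru"; bad=1; }
    [ "$bad" -eq 0 ]
)

# stdin: listener lines; prints redis-server sockets that are not on loopback.
exposed_redis_listeners() {
    awk '$7 ~ /redis-server/ && $4 !~ /^(127\.|::1:)/ { print $4 }'
}

# stdin: "user command" lines; prints owners of redis-server other than redis.
wrong_redis_owners() {
    awk '$2 ~ /redis-server/ && $1 != "redis" { print $1 }'
}

# Constructed sample config: loopback bind, but the memory cap is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
daemonize yes
bind 127.0.0.1
# maxmemory 50M
maxmemory-policy allkeys-lru
EOF
audit_redis_conf "$sample" || echo "config needs attention"
rm -f "$sample"
```

On a live host, pipe the real netstat and ps output into the last two functions; any line they print is a finding.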

Install phpredis

Install php5-development tools and git, clone the latest phpredis, build and install it.

If you are using php7 you will need the php7.0-dev package for the development tools. You will also need to add -b php7 at the end of the git clone line (not on its own new line) to use the php7 branch of the github repository.

Add the redis extension to php5-fpm for nginx or apache2

For Apache2 add Redis to its php file

For nginx with php5-fpm enable Redis like this

For nginx with php7.0-fpm

Install the WordPress Redis plugin and enable it and enjoy the speed!


APCu Object Cache for PHP7 on WordPress on Ubuntu 16.04

WordPress object cache is a common way to speed up your site. PHP-APCu on Ubuntu 16.04 can help achieve your goal of supreme WordPress or WooCommerce speed.

This guide will show you how to install APCu Object Cache for PHP7 for WordPress on Ubuntu 16.04. There are three installation methods outlined here to best suit your needs. Usually installing from the repository or using PEAR is recommended; for bleeding edge users, installing APCu from source is shown as well.

Install APCu Object Cache for PHP7 on WordPress on Ubuntu 16.04

Here are 3 ways to install the APCu object cache for WordPress or WooCommerce.

You should only choose one installation method.

  • Install APCu object cache for WordPress with one of the following methods
    • Install using repository
    • Install using PHP Pear
    • Build PHP-APCu from source
  • Then install the APCu WordPress object cache plugin

Install APCu Object Cache via Repository

Using this method you will not always get the latest version, it is however the easiest method.

Restart your php7.0-fpm service if you are using nginx

Reload Apache if you are using it.

Install APCu Using php PEAR

Another way to install is using php-pear, install it first

Running this command will install APCu.

Add the extension to a custom ini file.

Since I use php7.0-fpm with nginx I am symlinking into the php7.0 fpm and cli folders.

Restart php7-fpm

Apache2 users will want to symlink this file

Apache users reload the Apache service

Install APCu from Source Manually

The last way to install php7-apcu is to build from source. This way you get the bleeding edge version.

We need to install the php 7 development package and git first.

Enter your /tmp folder and clone the latest APCu source code from the git repository.

Now build the php7.0-apcu extension and install it.

Add the extension to the apcu.ini file

Since I use php7.0-fpm with nginx I am symlinking into the php-7.0 fpm and cli folders.

Restart php7.0-fpm service

Apache2 users will want to symlink this file

Reload the Apache service

Install the APCu object cache plugin

We are going to install the LCache Plugin hosted on github sponsored by Pantheon.

If you do not have WP-CLI or shell access to your host then you have to create the object-cache.php file manually with these instructions.

You will see this output

Now you can optionally adjust the RAM for APCu and monitor the APCu cache


Open the apcu.ini configuration file

Add the apc.shm_size line after the extension line. Here the APCu allocated ram is being changed to 50 MB.

Ctrl+X, Y and Enter to Save

Restart php7-fpm if you are using it

Reload Apache if that is your web server of choice

Monitoring APCu Cache

Download the apc.php script

Now you can open yourdomain.com/apc.php and see the amount of cached objects, hit and miss rate.



WordPress nginx php7 mysql ubuntu 16.04 setup

Step 3: Install NGINX

In order to use a WordPress plugin for purging the NGINX cache that I talk about below, you have to install a custom version of NGINX. From the command line:

This will download and install NGINX and set up the firewall to allow both HTTP (port 80) and HTTPS (port 443) traffic. After you do this, you’ll need to update /etc/nginx/nginx.conf to comment out some lines that conflict with some of the SSL settings we’ll be creating later. Open the file:

Comment out ALL of the lines in the “SSL” section of the file by adding a # before them, then save and close the file.

Step 4: Install and Configure MariaDB

MariaDB is a drop-in replacement for MySQL. You can read about why people think it’s better, but I’m mostly convinced by the performance arguments. The MariaDB website has a convenient tool for configuring the correct repositories in your Ubuntu distro. Using the tool, I came up with the following steps for installing the DB:

When the following screen comes up, make sure you provide a good secure password that is different from the password you used for your user account.

Setting up root password for MariaDB


Next, lock down your MariaDB instance by running:

Since you’ve already set up a secure password for your root user, you can safely answer “no” to the question asking you to create a new root password. Answer “Yes” to all of the other questions. Now we can set up a separate MariaDB account and database for our WordPress instance. At the command prompt type the following:

Type in your password when prompted. This will open up a MariaDB shell session. Everything you type here is treated as a SQL query, so make sure you end every line with a semicolon! This is very easy to forget. Here are the commands you need to type in to create a new database, user, and assign privileges to that user:

Note that although it’s customary to use ALL CAPS to write SQL statements like this, it is not strictly necessary. Also, where I’ve used “mywpdb” and “mywpdbuser” feel free to use your own database and user names.

Step 5: Install and Configure PHP7-FPM

One of the cool things about Ubuntu 16.04 is that its default PHP packages now default to version 7! Installing PHP is as simple as typing the following:

Note that this also installs the MySQL, XML, and GD packages so that WordPress can interact with the database, support XMLRPC (important if you use Jetpack), and also automatically crop and resize images.

Now we need to adjust a php.ini setting that would allow a clever hacker to execute scripts they shouldn’t. Open  /etc/php/7.0/fpm/php.ini using nano as follows:

You can search for the line you want to edit by hitting CTRL + W and then typing the text of the setting you’re looking for, in this case cgi.fix_pathinfo. Remove the semicolon at the beginning of the line and set it to cgi.fix_pathinfo=0. While you’re in this file, you may also want to adjust the post_max_size and upload_max_filesize settings to something larger than their defaults of 8MB and 2MB, respectively. I frequently find that in my WordPress sites I want to upload larger files. Once you’re done editing, hit CTRL + X to exit nano, and follow the prompts to save your changes. To get PHP to load the changes you need to restart it by typing:

Step 6: Tell NGINX to use PHP7-FPM

Open up the configuration file for your default site for NGINX:

Edit the file so that it looks exactly like this:

Save and exit this file, and then restart NGINX by typing the following:

In order to test out whether or not your changes worked, you can create a basic PHP file at the root of your web server by typing:

Then you can go to a web browser and type in  http://your-IP-address and you should get the auto-generated PHP Info page which looks something like this:

Default PHP Info page


Woohoo!!! Now we’re getting somewhere. We’re going to be making a bunch of changes to our NGINX config in later steps for security and optimization, but this is the absolute minimum you need to do to get PHP7-FPM and NGINX playing well together.
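A way to verify the php.ini edits from Step 5 together with the nginx upload limit, which also covers the earlier remark that client_max_body_size should match upload_max_filesize. This script is an added example, not part of the original posts: the function names and sample files are constructed, unset values fall back to the stock defaults (2M, 8M, and nginx's 1m), and an nginx limit larger than the PHP one is treated as acceptable.

```shell
#!/bin/sh
# Added example: cross-check php.ini and nginx settings named in this guide.

# Value of the last uncommented "key = value" line in a php.ini file.
ini_value() {  # $1 = php.ini, $2 = key
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/;.*/, "", v); gsub(/[ \t]/, "", v); val = v }
        END { print val }' "$1"
}

# Value of the last client_max_body_size directive in an nginx config.
nginx_body_limit() {  # $1 = nginx config
    awk '$1 == "client_max_body_size" { v = $2; sub(/;.*/, "", v); val = v }
         END { print val }' "$1"
}

# Convert 8m, 8M, 512k or 1G to bytes; a bare number is already bytes.
to_bytes() {
    awk -v s="$1" 'BEGIN {
        n = s + 0; u = tolower(substr(s, length(s)))
        if (u == "k") n *= 1024
        else if (u == "m") n *= 1024 * 1024
        else if (u == "g") n *= 1024 * 1024 * 1024
        printf "%.0f\n", n }'
}

# Runs in a subshell so its variables do not leak to the caller.
audit_php_upload_path() (  # $1 = php.ini, $2 = nginx config; status 1 on findings
    bad=0
    # A commented-out or missing line leaves PHP's default of 1 in effect.
    [ "$(ini_value "$1" cgi.fix_pathinfo)" = 0 ] ||
        { echo "FAIL cgi.fix_pathinfo is not 0"; bad=1; }
    up=$(ini_value "$1" upload_max_filesize);  up=$(to_bytes "${up:-2M}")
    post=$(ini_value "$1" post_max_size);      post=$(to_bytes "${post:-8M}")
    body=$(nginx_body_limit "$2");             body=$(to_bytes "${body:-1m}")
    # An upload travels inside a POST body, so both outer limits must cover it.
    [ "$post" -ge "$up" ] ||
        { echo "FAIL post_max_size is below upload_max_filesize"; bad=1; }
    [ "$body" -ge "$up" ] ||
        { echo "FAIL client_max_body_size is below upload_max_filesize"; bad=1; }
    [ "$bad" -eq 0 ]
)

# Constructed sample files: PHP accepts 16M uploads but nginx stops at 8m,
# and cgi.fix_pathinfo is still commented out.
tmp=$(mktemp -d)
printf ';cgi.fix_pathinfo=1\nupload_max_filesize = 16M\npost_max_size = 16M\n' > "$tmp/php.ini"
printf 'server {\n    client_max_body_size 8m;\n}\n' > "$tmp/site.conf"
audit_php_upload_path "$tmp/php.ini" "$tmp/site.conf" || echo "settings need attention"
rm -rf "$tmp"
```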

Step 7: Set up SSL Certificates with LetsEncrypt

In the next step we’re going to add an SSL certificate to our site and then configure NGINX to use it. I recommend that you read DigitalOcean’s entire tutorial on securing NGINX on Ubuntu 16.04 with LetsEncrypt, but I’ll provide just the steps you need here. First, install LetsEncrypt:

During installation, LetsEncrypt has to add some files to your web root in order to confirm that you actually own your domain. In order to do that, we need to update the NGINX configuration for your site. Open up the config in nano using:

And then add this code inside the server block:

Save and exit. Then you can check to make sure you have no typos and restart NGINX with the following:

Now you will switch to the directory where we cloned LetsEncrypt and run the tool to actually create and install our certificate:

Follow the prompts that pop up. Make sure you pick a reliable email address for receiving notifications. To increase security, DigitalOcean’s tutorial recommends setting up a strong Diffie-Hellman Group as follows:

Next we’ll create a configuration snippet for NGINX that will contain all of our SSL parameters. Create and open the file as follows:

And add this code into the file, making sure you add your domain at the top in the file paths for the ssl_certificate and ssl_certificate_key:

Save and exit this file. Next we will update our NGINX configuration for our site again to redirect all traffic through HTTPS. My earlier blog post goes into why this is the desired behavior. Open your config file with:

And modify it to look exactly like this (except of course for using your domain name instead of “yourdomain.com” which needs editing in both server blocks):

If you do still want to allow non-secure HTTP traffic, please consult DigitalOcean’s blog post that I linked to above. Save and close this file. Then check the syntax and restart NGINX:

Finally, it is important to note that SSL certificates from LetsEncrypt expire every 90 days. In order that you don’t have to log into your server every 3 months to renew your certs, we’re going to set up a CRON job to autorenew them. From the command line:

Add the following lines:

This will update the LetsEncrypt client and then attempt to renew and load your certs (if necessary) every Monday.

Step 8: Install WordPress

Wow. All this work so far and we haven’t even installed WordPress yet! Let’s get to it.

There are a lot of opinions on the best way to download and maintain WordPress. My goals are:

  1. Check out the core files from some sort of version control repository
  2. Update core files from the same repo
  3. Have the ability to take advantage of automatic updates

I haven’t found a way to do this with Git yet, so for this tutorial I’m sticking with Subversion. As such the first step will be to install SVN:

Next, go to the web root directory, remove the index.php file if necessary, and check out the most recent version of WordPress (currently 4.6.1):

Make sure not to forget the “.” at the end of that last command! Otherwise the files will get checked out into a subfolder and you’ll have to move them. Next we have to update the ownership of the files so that our webserver can have full access:

Now you can visit your domain in a web browser and complete the basic WordPress installation as you normally would.

Step 9: Install WP Plugins and Set Up Email

In order to take advantage of nginx caching made available by the custom version of nginx that we installed, you’ll need to install the nginx helper plugin. Once you do that, go to Settings > Nginx Helper from the WP dashboard and check the box to “Enable Purge.” The default settings should be fine. Click “Save All Changes.”

In Step 2 above, I showed the DNS settings you should set up in order to have Mailgun handle all of your email. The nice thing about doing this is you can avoid having to set up and maintain your own SMTP server on your droplet. Setting up a mail server like postfix, sendmail, or exim can be a real pain as most email providers these days are extremely sensitive about preventing spam. After you’ve set up your domain at Mailgun, you can use the Mailgun for WordPress plugin to have all outgoing emails from your website routed through Mailgun. After you’ve installed it, go to Settings > Mailgun from the WP dashboard, copy and paste in your Mailgun domain name and API key, and then click “Save Changes” to get it set up. Click “Test Configuration” to make sure it is working. You may also want to use the Check Email plugin just to make sure that emails are being sent correctly.

If you want to install Jetpack, the PHP XML package was installed to support that back in Step 6.

Step 10: Securing and Optimizing WordPress

Here are some tips and strategies for securing and optimizing your WordPress install.

Enable and Configure Gzip Compression

Gzip compression shrinks files before sending them across the web, increasing the speed of transfer. Gzip is enabled by default in  /etc/nginx/nginx.conf but you should edit this section of the configuration file to specify the types of files that should be compressed. Here’s the list that I use, and I’ve found that in recent installs they are already there by default. Add the list of  gzip_types into the file:

Deny Access to Certain Files and Folders

Some files and folders that are inside your web root should not be directly accessible via the web. Add the following sections to your /etc/nginx/sites-available/default file in the main server block:

Force File Downloads Through FTPS

Whenever you add or update a theme or plugin, you can require that under the hood WordPress will use an encrypted transport like FTPS. To do so, follow this tutorial at DigitalOcean. It’s a little old, but still works. The only change to it that I had to make was to NOT change the ownership of the files in  /var/www/html . Here is a condensed list of the commands you’ll run:

And then you need to add the following lines to your /var/www/html/wp-config.php file:

Add that right above the line: /* That’s all, stop editing! Happy blogging. */. You may also want to change the user name from “wp-user” to something more personalized, just in case someone who’s reading about this technique tries to find a hole in your setup based on what username you picked.

Setup Caching and Purging

The custom version of NGINX that we installed earlier allows you to use some advanced caching features. First you’ll want to install the NGINX Helper plugin within WordPress. Next you’ll follow the instructions in this blog post to configure caching. At the end of it all the config file for my site looked like this (including all of the edits we’ve made above):

Step 11: Final Server Tweaks

Finally, there are two more things we should do to keep our server up to date and healthy. The first is to make sure unattended upgrades are enabled:

When I finished editing it, my file looked like this:

I also updated the  /etc/apt/apt.conf.d/10periodic file to look like:

Lastly, I ran the following commands to make sure everything was up to date:


There are more plugins and tweaks you can make to improve the performance of your site. For example, you could host your images and other static resources on a CDN, and we didn’t talk about combining and minifying the CSS and JS files on the site. However, with all of the above, you should have made a very good start at having a screaming fast and secure website. Enjoy!