Translation(s): English - Português (Brasil)

WordPress is a free and open source (GNU GPLv2 or later) blogging tool and a content management system (CMS) based on PHP and MySQL. Features include a plug-in architecture and a template system.

WordPress versions for different Debian version (updated December 2023):

Packages Installation


apt update
apt install wordpress curl apache2 mariadb-server

Secure your MySQL installation with this command:


Basic Installation guide

Create a site

nano /etc/apache2/sites-available/wp.conf

Add this content, and replace by your own domain:

<VirtualHost *:80>

        DocumentRoot /usr/share/wordpress

        Alias /wp-content /var/lib/wordpress/wp-content
        <Directory /usr/share/wordpress>
            Options FollowSymLinks
            AllowOverride Limit Options FileInfo
            DirectoryIndex index.php
            Require all granted
        <Directory /var/lib/wordpress/wp-content>
            Options FollowSymLinks
            Require all granted

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined


Disable default Virtual Host, and enable the site

a2dissite 000-default
a2ensite wp

Reload the webserver

service apache2 reload

Create /etc/wordpress/config-$DM.php. $DM is the domain name e.g. if the fully qualified domain name is, create one of the following files:

WordPress searches in the above order and uses the first configuration file it can find. The domain name is taken from the HTTP-Request of your browser. That way you may be able to define different configuration files for different domains you are hosting.

nano /etc/wordpress/

Add this content:

   1 <?php
   2 define('DB_NAME', 'wordpress');
   3 define('DB_USER', 'wordpress');
   4 define('DB_PASSWORD', 'password');
   5 define('DB_HOST', 'localhost');
   6 define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
   7 ?>

<!> replace password with a suitably secure password

Create a file to hold the database creation instructions

nano ~/wp.sql

Add this content: <!> replace password with your "suitably secure password"

   1 CREATE DATABASE wordpress;
   3 ON wordpress.*
   4 TO wordpress@localhost
   5 IDENTIFIED BY 'password';

Create the database:

cat ~/wp.sql | mysql --defaults-extra-file=/etc/mysql/debian.cnf

Navigate to the wordpress directory in browser e.g. which redirects to where you'll see the "classic" wordpress 5 minute install page (actually a 5 second install thanks to the Debian packaging)

<!> replace with your domain name (or localhost if running on the same box as your browser).

Upgrading the installed WordPress version

For keeping your WordPress up to date and receiving security fixes use Debian package manager:

apt update && apt upgrade

If you would like to use a more recent version of WordPress, consider using Backports or Debian testing.

An alternate installation method

I believe this method conforms more with how the maintainer recommends it should be done. Various sources are drawn upon using this method, and it is also affected by a few bugs as of this writing. It is basically centered around a "kind of" multi-site install, but I recommend this method even for a single blog, otherwise when you decide down the road to have more than one and share the packages' codebase, you'll have a fair bit of work on your hands.

The key useful script here is /usr/share/doc/wordpress/examples/setup-mysql. This gem does a few things:

Run the helper script

Now run /usr/share/doc/wordpress/examples/setup-mysql, passing an argument of your site name; eg. You will most probably need other arguments too -- just try an initial -h to get help.

# Required package
apt install iputils-ping

# Unzip the file
gzip -d /usr/share/doc/wordpress/examples/setup-mysql.gz
# Set as executable
chmod +x /usr/share/doc/wordpress/examples/setup-mysql

# Run the setup, change to your FQDN

At this point, as per above, you should have a database created for you, and the /etc/wordpress/ config file. Peruse that and sanity check it.

Create the Apache site

Quoting /usr/share/doc/wordpress/examples/apache.conf:

There are several ways to setup Wordpress & Apache in Debian. However the maintainer's recommended way with the helper script setup-mysql uses:

## Virtual host VirtualDocumentRoot

        NameVirtualHost *:80

        <VirtualHost *:80>
        UseCanonicalName Off
        VirtualDocumentRoot /usr/share/wordpress
        Options All

        # wp-content in /srv/www/wp-content/$0
        RewriteEngine On
        RewriteRule ^/wp-content/(.*)$ /srv/www/wp-content/%{HTTP_HOST}/$1

For this configuration to work you'll also need to have mod_rewrite and mod_vhost_alias loaded and working in Apache. To enable these modules run

a2enmod rewrite
a2enmod vhost_alias
service apache2 restart

Place this config into something like /etc/apache2/sites-available/ and modify according to your needs (IP-based virtual host, name-based, logging, etc.)

If you're using any Wordpress functionality that requires URL rewriting (such as permalinks), then you will also need something like this in your Apache config:

    RewriteRule ^index\.php$ - [L]
    RewriteCond /usr/share/wordpress%{REQUEST_URI} !-f
    RewriteCond /usr/share/wordpress%{REQUEST_URI} !-d
    RewriteRule . /usr/share/wordpress/index.php [L]
    # Also needed if using PHP-FPM / Fast-CGI
    RewriteCond %{REQUEST_URI} !^/php5-fcgi/*

The above rewrite conditions rely on Apache finding the required files in /usr/share/wordpress for non-permalinks (such as wp-admin). This may require the following line to ensure it finds the index file when requesting /wp-admin/

    DirectoryIndex index.php

Final reading before actual configuration

Now would be a great time to read /usr/share/doc/wordpress/README.Debian if you haven't already. All the rest of the pieces should fall into place once you do.

Amongst other things, it explains the great way that the Debian WordPress package utilises the WordPress wp-config.php framework, and more importantly, how to handle the infamous "themes" and "plugins" directories in a WordPress install. The key point is that by symlinking under /var/lib/wordpress, users better abide by the FilesystemHierarchyStandard, and can use the in-app upgrade mechanisms of WordPress to upgrade plugins and themes, without clobbering the package, and risking server security.

It also discusses the two choices regarding multi-site installs, of which this here describes the non-WordPress version.

Enable the Apache site

Now we enable the Apache site config made earlier using a2ensite, which basically just creates a symlink in /etc/apache2/sites-enabled from sites-available, then reload Apache:

service apache2 reload

Configure WordPress

Now, browse to your new domain, and follow the normal WP configuration process, and you should be done.


Sadly at this point, there may be some issues with symlinking, and messing around generally with WP_CONTENT_DIR.

The main bug was being tracked at Most issues should be fixed but some things may break, especially if plugin or theme authors don't do things right when determining correct filesystem and URI paths to use.

See also

CategoryNetwork CategorySoftware