Building your own website doesn’t require expensive hosting anymore — you can host WordPress securely on AWS for free or at a minimal cost.
In this guide, we’ll walk through setting up a LEMP stack (Linux, Nginx, MySQL, PHP) on an AWS EC2 Ubuntu instance, install WordPress, and secure it using Let’s Encrypt SSL.
By the end, you’ll have your own fully functional WordPress website with HTTPS enabled.
What You’ll Need:
AWS account
Basic Linux knowledge
Domain name (or free No-IP subdomain)
SSH client (Mac Terminal, PuTTY, etc.)
Step 1: Launch Your EC2 Instance
- Go to AWS Management Console → EC2 → Launch Instance.
Choose Ubuntu 24.04 LTS as the OS.
Select a t2.micro (free-tier eligible).
Configure Security Group:
- 22 (SSH) – your IP only
- 80 (HTTP) – anywhere
- 443 (HTTPS) – anywhere
- Download the .pem key and connect via SSH:
ssh -i "your-key.pem" ubuntu@<EC2-Public-IP>
Step 2: Install the LEMP Stack
Install Nginx
sudo apt update sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
Visit your public IP — you should see the Nginx Welcome Page.
Install MySQL
sudo apt install mysql-server -y
sudo mysql_secure_installation
Install PHP
sudo apt install php-fpm php-mysql -y
Step 3: Configure MySQL for WordPress
Login to MySQL:
sudo mysql -u root -p
Then create a database and user:
CREATE DATABASE wordpress_db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'StrongPassword123!'; GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wp_user'@'localhost'; FLUSH PRIVILEGES; EXIT;
Step 4: Install and Configure WordPress
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
sudo mv wordpress /var/www/html/
Set correct ownership and permissions:
sudo chown -R www-data:www-data /var/www/html/wordpress/
sudo find /var/www/html/wordpress/ -type d -exec chmod 755 {} \;
sudo find /var/www/html/wordpress/ -type f -exec chmod 644 {} \;
Copy and configure the WordPress config file:
cd /var/www/html/wordpress/
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php`
Update the following lines:
define( 'DB_NAME', 'wordpress_db' ); define( 'DB_USER', 'wp_user' ); define( 'DB_PASSWORD', 'StrongPassword123!' ); define( 'DB_HOST', 'localhost' );
Step 5: Configure a Domain Name
You can use a free dynamic DNS domain from No-IP.
Create an account.
Register a subdomain (e.g.,
mywordpressite.zapto.org
).
- Point it to your EC2’s public IP.
Update your Nginx config:
sudo nano /etc/nginx/sites-available/wordpress
Example:
server { listen 80; server_name mywordpressite.zapto.org; root /var/www/html/wordpress; index index.php index.html; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php8.3-fpm.sock; } location ~ /\.ht { deny all; } }
Enable site and test config:
sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx
Step 6: Secure the Site with Let’s Encrypt SSL
Install Certbot:
sudo apt install certbot python3-certbot-nginx -y
Run:
sudo certbot --nginx -d mywordpressite.zapto.org
After completion, Certbot:
Adds SSL configuration automatically
Sets up automatic HTTPS redirection
Renews certificates automatically
Verify renewal setup:
sudo systemctl list-timers
Step 7: Complete WordPress Installation
Visit:
https://mywordpressite.zapto.org
You’ll see the WordPress installation page.
Follow on-screen steps to create your admin account and site name.
Troubleshooting:
- 502 Bad Gateway = Restart PHP service and check socket.
- Error Establishing DB Connection = Verify DB credentials.
- Certbot Fails = Ensure domain points to EC2 public IP and port 80 is open.
- Public IP Changes = Use Elastic IP or install No-IP dynamic client.
💡 Final Notes
Use
sudo systemctl status nginx
andsudo systemctl status php8.3-fpm
to verify services.Back up your database and WordPress files regularly.
Always renew SSL before expiry (
sudo certbot renew --dry-run
).
👤 About the Author
Hi! I’m Alan Varghese, a beginner DevOps and Cybersecurity enthusiast currently learning AWS, Linux, and automation through hybrid real-world projects.
I’m building hands-on experience with cloud deployments, security hardening, and CI/CD tools.
Contact:
GitHub: alanvarghese-dev
LinkedIn: alanvarghese-dev
Email: thealanvarghese@gmail.com
Top comments (0)