
The ultimate DIY guide for installing WordPress on openSUSE Tumbleweed
I am preparing a new WordPress website (Architect2Succeed.com) which is aimed at my profession as an IT architect.
When I setup Fossadventures.com, I didn’t make an installation instruction as I was not sure that everything would be as I liked. Which turned out to be true, as I have switched from Hack/HHVM to PHP7/PHP-FPM.
In this tutorial I want to incorporate all the learnings from my previous experience. This tutorial is likely to be very beneficial for all Linux beginners, who want to install WordPress from scratch on a VPS server running openSUSE Tumbleweed.
This Complete DIY guide is based on learnings from other great tutorials. See reference list below. I like to send out a huge thanks to the writers of these tutorials. I have combined their learnings and added some of my own.
- HowtoForge (LEMP tutorial) (WordPress tutorial)
- Rosehosting (LEMP tutorial) (WordPress tutorial)
- Linuxbabe (LEMP tutorial) (WordPress tutorial)
- Bjorn Johansen (Block PHP files)
- DigitalOcean (Increase PageSpeed Score)
- openSUSE.org (Let’s Encrypt)
Get your Virtual Private Server ready
The first thing to do is to purchase an openSUSE VPS. There are various options available. However, not all of them document the openSUSE version that they offer, which is a big miss in my opinion. Prices do vary, which means that you have to think about where these organizations have cut corners. Personally, I went with Transip.nl. But I feel that Linode would also be a good option.
- Contabo.com – offers a Leap 15.1 VPS with 300GB Disk for € 4 / month
- VPSserver.com – offers an openSUSE ??? VPS with 25GB disk for € 5 / month
- Transip.nl – offers a Tumbleweed VPS with 50GB SSD for € 10 / month
- Linode.com – offers an openSUSE Leap 15.1 VPS with 50GB SSD for € 10 / month
- Rosehosting.com – offers a managed openSUSE ??? VPS with 30GB SSD for € 25 / month
- LinuxCloudVPS – offers a managed openSUSE ??? VPS with 20GB SSD for € 26 / month
After purchasing a VPS, you need to install openSUSE. In my case, I have chosen a partitioning setup where I separate the operating system from the data partitions. Because this server is hosting a website, the data partitions are not located at /home. Rather, I like to make partitions for the WordPress application, the MariaDB database and the Nginx configuration files. My partition setup:
- Total size: 50 GiB
- BIOS Boot partition (8 MiB)
- Swap partition (2 GiB)
- Root partition (21 GiB – BtrFS) mounted at /
- WordPress partition (20 GiB – XFS) mounted at /srv/www
- MariaDB partition (6 GiB – XFS) mounted at /var/lib/mysql
- Nginx partition (1 GiB – XFS) mounted at /etc/nginx
See also the screenshot of the expert partitioner below:

After configuring the partition setup that you like, complete the openSUSE Tumbleweed installation on your VPS server.
Install Nginx and create your first static page
Nginx (pronounced Engine X) is a webserver / loadbalancer that you can use to provide or block access to certain parts of WordPress. For instance blocking direct access to PHP files or hidden files.
Zypper is the package manager that is used for command line installation. There is a very nice cheat sheet (page 1) (page 2) with all commands that are needed to install software via the command line. To install nginx, use the following command:
zypper in nginx
Now we are going to create a basic index.html file that will show us nginx is working. First you need to go to the htdocs folder, by using the following command:
cd /srv/www/htdocs/
If you are interested to see what’s in this folder, use the command ls -l. You will find there is already a file 50x.html in place. We are now going to create this index.html file.
echo "<H1> Your Title </H1>" > index.html
If you want to get fancy: edit the file you just created with the VIM editor.
vi index.html
Use Alt!+I to insert text. Use Esc to exit edit mode. Use :wq! to save.
You can do the same to create an Index.css file. Which you can then also edit using the VIM editor.
echo "h1 {color:blue;}" > index.css
Now its time to start nginx and enable it to start on boot, by using the following commands:
systemctl start nginx systemctl enable nginx
The last thing to do is to open port 80 (HTTP) in firewalld. Use the following commands:
firewall-cmd --permanent --add-port=80/tcp firewall-cmd --reload irewall-cmd --list-all
Now open your favorite browser, go to the IP address that your VPS is hosted on, to see your Index.html file. If you are installing this on a virtualbox server, just type in the localhost IP address:
http://127.0.0.1. http://localhost/
Install MariaDB
For the database that forms the back-end of WordPress, you can choose between using MySQL and MariaDB. MariaDB is a fork of the MySQL database, which was created in response to the Oracle purchase of SUN. One of the driving forces behind this fork is Michael “Monty” Widenius, which is one of the original MySQL founders. The databases have gone their own ways, both have a thriving community. So both MySQL and MariaDB are excellent choices.
In 2014 Red Hat Enterprise Linux has switched to MariaDB by default in RHEL 7. Personally, I think MariaDB is the more ‘open’ project, like LibreOffice is the better version of OpenOffice.org. So I have opted to install MariaDB. This is done by entering the zypper command:
zypper in mariadb mariadb-client mariadb-tools
Now enable the database to startup on boot and start the database service:
systemctl enable mysql systemctl start mysql
If you want to see if everything is running, use these commands. The second command helps you to exit back into the command line.
systemctl status mysql mysql-version
Now lets secure the MariaDB database from unwanted access. Type the following command:
sudo mysql_secure_installation
Now you will get the following questions:
Switch to unix_socket authentication?: Y Change the root password?: Y --> set a new secure password! Remove anonymous users?: Y Disallow root login remotely?: Y Remove test database and access to it?: Y Reload privilege tables now?: Y
Now login to your MariaDB database with the new password:
mysql -u root -p ENTER PASSWORD
When you are logged in as root on your VPS, you don’t have to provide a password. This is because MariaDB uses unix_socket authentication (first question), which gives the root user of your VPS access to the root user of the database. So don’t worry if you can enter the database without providing a password.
Next create a database and a database user. I strongly recommend to not use ‘ admin’ as the username. And while you avoid common names; ‘wpuser’ might also be easy to guess. This is way to easy to hack.
create database UNIQUE_DB_NAME; create user [email protected] identified by 'UNIQUE_DB_USER@'; grant all privileges on UNIQUE_DB_NAME.* to UNIQUE_DB_U[email protected] identified by 'UNIQUE_DB_USER@'; flush privileges;
To see if your database and user are successfully created, use the commands:
SHOW DATABASES; SELECT User FROM mysql.user;
Now that you created a database user, set a password for that user. I would advice that your newly created user gets a different password as your root database user. This is done by entering the following commands:
USE mysql; ALTER USER 'UNIQUE_DB_USER'@'localhost' IDENTIFIED BY '############'; flush privileges; exit
Install PHP7 and PHP7-FPM
PHP and the FastCGI Process Manager (PHP-FPM) are used by WordPress to communicate between WordPress, Nginx and the MariaDB database. WordPress is written in PHP, a powerful and versatile programming language. The latest version, PHP 7.4 has a greatly improved performance over PHP 5.6. This is the big advantage.

Source: Kinsta – The Definitive PHP 5.6, 7.0, 7.1, 7.2, 7.3, and 7.4 Benchmarks (2020)
Of course there are also many programmatic improvements, but this is less relevant for people who just want to run WordPress. At the beginning of Fossadventures, I used HHVM and Hack instead of PHP and PHP-FPM. But that crashed a lot. So I got rid of this and replaced this with PHP and PHP-FPM.
PHP-FPM is an alternative (better) implementation of FastCGI, which is a better implementation of CGI. Okay that tells you nothing. So lets start with CGI, which stands for Common Gateway Interface. CGI is a protocol for web servers (such as Nginx) to interface with PHP. It enables dynamic content generation and processing (1). FastCGI is what it sounds like, a faster re-implementation of CGI with enhanced capabilities. Now we get to PHP-FPM, which improves upon FastGCI. A couple of examples of improvements (2) are:
- Advanced process management with graceful stop/start;
- Emergency restart in case of accidental opcode cache destruction;
- Accelerated upload support;
- Dynamic/static child spawning;
- And much more.
Sounds impressive. From my experience, it works incredibly well. You can install both PHP7 and PHP7-FPM by entering the following command:
zypper in php7 php7-mysql php7-fpm php7-gd php7-mbstring php7-zlib php-curl php-gettext php-openssl php-zip php7-exif php7-fileinfo php7-imagick
Now let’s edit some configuration files. This is the same instruction as provide by Howtoforge (3), just updated for PHP 7. For your convenience, I will detail every command here below.
We first need to create the PHP-FPM configuration file. This is done by using the commands:
cd /etc/php7/fpm/
ls -l
cp php-fpm.conf.default php-fpm.conf
vi php-fpm.conf
Now use Alt+I to go into the edit mode. Uncomment (remove the semicolomn) of the following lines and change the log_level:
pid = run/php-fpm.pid error_log = log/php-fpm.log syslog.facility = deamon syslog.indent = php-fpm log_level = warning (change from the default) events.mechanism = epoll systemd_interval = 10
Exit and save by pressing the ESC key and typing the following command:
:wq!
Now we move to the website configuration file and we create another PHP-FPM configuration file.
cd php-fpm.d ls -l cp www.conf.default YOUR_WEBSITE_NAME.conf ls -l vi YOUR_WEBSITE_NAME.conf
Then we make adjustments by entering Alt+I and making the following changes:
user = nginx group = nginx listen = /var/run/php-fpm.sock listen.owner = nginx (uncomment by removing the ;) listen.group = nginx (uncomment by removing the ;) listen.mode = 0660 (uncomment by removing the ;)
Exit and save by pressing the ESC key and typing the following command:
:wq!
Next we are going to edit the php.ini file. This is done by typing the following commands:
cd /etc/php7/cli/ ls -l vim php.ini
We make adjustments by entering Alt+I. Go to the section ‘Data Handling’ (line 616) and find the section post_max_size. Make the following adjustment:
post_max_size = 12M
Go to the section ‘Paths and Directories’ (line 733) and then find the section CGI.fix_pathinfo. Make the following adjustment:
cgi.fix_pathinfo=0
Go to the section ‘File Uploads’ (line 832) and then find the section upload_max_filesize. Make the following adjustment:
upload_max_filesize = 6M
Go to the section ‘Module Settings’ (line 947) and then find the section [Pdo_mysql]. Make the following adjustment:
pdo_mysql.cache_size = 2000 (this line is new) pdo_mysql.default_socket=
Save and exit by pressing the ESC key and typing the following command:
:wq!
Now copy the php.ini file to the conf.d directory:
cp /etc/php7/cli/php.ini /etc/php7/conf.d/php.ini cd /etc/php7/conf.d/ ls -l
Now we want to setup Nginx to work with PHP-FPM. Before we make this change, it is very important that we create a backup of the nginx.conf file. In case we screw anything up, we have a backup that we can restore!
cd /etc/nginx/ ls -l cp nginx.conf nginx.conf.backup01 ls -l
Now we can safely edit the nginx.conf file. We do this by entering the command and pressing Alt+I to go into edit mode:
vi nginx.conf
Create a new line just below “include conf.d/*.conf;” and put in the code:
client_max_body_size 20M;
Make the following adjustments just below “location / {“. Add index.php to the index line and then add the line with try_files:
index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args;
Right below this section at a blank line, add the following code:
location ~ .php$ { root /srv/www/htdocs; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }
After this, go to the line that says error_page 404… and change the .html into .php.
error_page 404 /404.php; error_page 405 /405.php;
Save and exit by pressing the ESC key and typing the following command:
:wq!
Let’s make sure that the nginx.conf file still works by entering:
nginx -t
Now we like to change the ownership of the php-fpm.pid and php-fpm.sock files to nginx. We do this by entering the following commands:
cd /var/run/ ls -l chown nginx:nginx php-fpm.pid chown nginx:nginx php-fpm.sock ls -l
If we have no errors, we can savely restart Nginx and start and enable PHP-FPM:
systemctl enable php-fpm systemctl start php-fpm systemctl restart nginx
To test the working of PHP, you can create a test file in the ‘htdocs’ folder, just as we did with the index.html and index.css files.
cd /srv/www/htdocs/ echo "<?php phpinfo(); ?>" > test.php
To test if the file is succesfully created, you can use vim to read the file and then exit.
vi test.php
:q!
It is time to try out if PHP has succesfully installed. To do so, you need to start PHP-FPM and restart Nginx.
nginx -t
systemctl start php-fpm
systemctl restart nginx
Open your favorite browser, go to the IP address that your VPS is hosted on and add “/test.php” (or your website name/test.php) to see the status of your PHP installation. If you are installing this on a virtualbox server, just type in the localhost IP address:
http://127.0.0.1./test.php http://localhost/test.php
You will be greeted by the PHP status page.

For security reasons remove the test.php file. This is done via the following command.
cd /srv/www/htdocs/ ls -l rm test.php ls -l
Create a Nginx Virtualhost file for your website
The first thing to do is to create a Nginx Virtualhost file for your website. This file contains all the specific Nginx information regarding your website, like its name, methods for accessing the website, locations that you want to block etcetera. Create and edit the file using the following commands:
cd /etc/nginx/vhosts.d ls -l echo "server" > YOUR_WEBSITE_NAME.conf ls -l vi YOUR_WEBSITE_NAME.conf
Now lets start editing this file (remember Alt+I) by writing in the following text inside the Nginx configuration file:
server { # This line for redirect non-www to www server_name YOUR_WEBSITE_NAME.com; rewrite ^(.*) http://www.YOUR_WEBSITE_NAME.com$1 permanent; listen 80; } server { server name www.YOUR_WEBSITE_NAME.com; root /srv/www/YOUR_WEBSITE_NAME/; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php$args; } error_page 404 /404.php location = /404.php { root /srv/www/YOUR_WEBSITE_NAME/; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /srv/www/YOUR_WEBSITE_NAME/; } location ~ .php$ { root /srv/www/YOUR_WEBSITE_NAME/; fastcgi_keep_conn on; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } }
Save and exit by pressing the ESC key and typing the following command:
:wq!
Now we are going to create the root location for your website, that you have just specified in the nginx vhosts file. Remember this line:
root /srv/www/YOUR_WEBSITE_NAME/;
That directory doesn’t exist yet! So now we need to create this folder by entering the commands below. We will also copy the index.html, index.css and 50x.html files:
mkdir -p /srv/www/YOUR_WEBSITE_NAME/ cd /srv/www/htdocs/ cp index.html /srv/www/YOUR_WEBSITE_NAME/index.html cp index.css /srv/www/YOUR_WEBSITE_NAME/index.css cp 50x.html /srv/www/YOUR_WEBSITE_NAME/50x.html cd /srv/www/YOUR_WEBSITE_NAME/ chown nginx:nginx index.html chown nginx:nginx index.css chown nginx:nginx 50x.html ls -l
Because we now have the nginx vhosts file, we don’t need everything in the main nginx configuration anymore. So we will edit the main nginx configuration file again.
Before we start editing, let’s first create a backup. And then open the configuration file with Vim. Use the code below:
cd /etc/nginx/ cp nginx.conf nginx.conf.backup02 ls -l vi nginx.conf
Remove this section:
location ~ .php$ { root /srv/www/htdocs; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }
Save and exit by pressing the ESC key and typing the following command:
:wq!
Now test your nginx configuration file.
nginx -t
If there are errors, you should restore the nginx.conf file from the backup you just created. This is done by the command (only use this if you found errors!):
cp YOUR_WEBSITE_NAME.conf.backup02 YOUR_WEBSITE_NAME.conf
If there are no errors, restart nginx:
systemctl restart nginx
Now open your favorite browser, go to the IP address that your VPS is hosted on, to see your Index.html file. If you are installing this on a virtualbox server, just type in the localhost IP address:
http://127.0.0.1. http://localhost/
Register your Domain name and configure your DNS settings
This might also be a good time to add your website name to your DNS. This way, you don’t have to enter the IP address all the time. If you haven’t registered your website name yet, this is the time to do it! Most of the VPS providers can also provide you with a domain name. If not, there are plenty of commercial alternatives. I registered with TransIP.nl. Create the folowing DNS records:
Name: * TTL: 1 hour Type: A IP address: YOUR_VPS_IPv4_ADDRESS Name: * TTL: 1 hour Type: AAAA IP address: YOUR_VPS_IPv6_ADDRESS Name: @ TTL: 1 hour Type: A IP address: YOUR_VPS_IPv4_ADDRESS Name: @ TTL: 1 hour Type: AAAA IP address: YOUR_VPS_IPv6_ADDRESS Name: www TTL: 1 hour Type: A IP address: YOUR_VPS_IPv4_ADDRESS Name: www TTL: 1 hour Type: AAAA IP address: YOUR_VPS_IPv6_ADDRESS
You probably have to wait 1-5 minutes for the DNS records to be synchronized with the other name servers worldwide. But once that is complete, you can open your favorite browser and visit your site at:
http://www.YOUR_WEBSITE_NAME.com
Your index.html file should automatically load.
Install WordPress
After all this work, it is finally time to install WordPress. We first need to go to the directory where we will install WordPress. Then we will remove the index.html and index.css files we created.
cd /srv/www/YOUR_WEBSITE_NAME/ ls -l rm index.html rm index.css ls-l
We will now retreive the latest WordPress zip file and unzip it. This will put all files in a subfolder called WordPress. Because we want these files in the YOUR_WEBSITE_NAME folder, we move these files to the current directory. Finally, we remove the empty WordPress folder and the WordPress Zip file.
wget wordpress.org/latest.zip unzip latest.zip mv wordpress/* . # rmdir wordpress/ && rm latest.zip
Now we need to connect our WordPress instance to the MariaDB database that we have created. This is done by creating and editing the wp-config.php file. To make sure Nginx has the right access level, we will change the ownership of all files in your websites directory. Use the following commands:
cp wp-config-sample.php wp-config.php chown nginx:nginx -R /srv/www/YOUR_WEBSITE_NAME/ vi wp-config.php
Press Alt + I to go into edit mode and make the following changes:
define('DB_NAME', 'UNIQUE_DB_NAME'); define('DB_USER', 'UNIQUEDBUSER'); define('DB_PASSWORD', 'UNIQUEDBUSER@');
Save and exit by pressing the ESC key and typing the following command:
:wq!
We referenced the 404.php file in the Nginx configuration and in the Nginx Vhosts configuration. We make this file available by using the following commands:
cp /srv/www/htdocs/wp-content/themes/twentytwenty/404.php /srv/www/htdocs/404.php cp /srv/www/htdocs/404.php /srv/www/YOUR_WEBSITE_NAME/404.php chown nginx:nginx /srv/www/htdocs/404.php chown nginx:nginx /srv/www/YOUR_WEBSITE_NAME/404.php
Now enter the domain of your website in your favorite browser. You will now be redirected to the installation screens. In the first screen, pick the language that is used in the WordPress Dashboard.

In the next screen, you fill in the website name, your admin name and your admin password. Of course you will make this name unique and use a strong password!

The third and final screen tells you that you are ready to go!

By clicking on Log In, you are directed to the WordPress Log-in page. Now you can start configuring the site. Before you start doing that, you want to make some server side improvements first:
- Install phpMyAdmin to administer your database
- Enable GZIP compression
- Harden your Nginx configuration
- Enable HTTPS
Install phpMyAdmin
phpMyAdmin is a great tool to visually check (and edit) what’s in your database. This might be a life saver for some more exotic issues, that cannot be fixed from the WordPress Admin Dashboard. However, I recommend blocking the phpMyAdmin dashboard by default in your Nginx setup. Only when you really need it, unblock it in Nginx. Then make the changes and block it again. Because it is such a powertool, you should limit access to it as much as possible. That said, let’s start with the installation by using the following commands (this package contains Capital Letters):
zypper in phpMyAdmin
Type ‘y’ to accept all dependent packages to be installed. Second we will create a htpasswd file. Use the commands:
htpasswd -c /etc/nginx/htpasswd UNIQUE_PHPMYADMIN_USER ENTER A NEW SECURE PASSWORD
Now we are going to create a new the Nginx configuration file for phpMyAdmin. Use the following commands:
cd /etc/nginx/vhosts.d ls -l echo "server" > phpMyAdmin.conf ls -l vi phpMyAmin.conf
Now press Alt + I to go into edit mode. Now complete the file by typing the following code.
server {
server_name 01.01.001.001;
root /srv/www/htdocs;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/phpMyAdmin/.*\.php$ {
root /srv/www/htdocs/;
#deny all;
#access_log off;
#log_not_found off;
auth_basic 'Restricted Access';
auth_basic_user_file /etc/nginx/htpasswd;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 404.php;
location = /404.php {
root /srv/www/htdocs;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /srv/www/htdocs;
}
# PHP-FPM running throught Unix-Socket
location ~ \.php$ {
root /srv/www/htdocs;
fastcgi_keep_conn on;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
This is the configuration in which you can access phpMyAdmin (after entering your username and password). For now we will save the Nginx configuration file by pressing Esc and type:
:wq!
Test your nginx configuration file. If there are no errors, restart nginx:
nginx -t systemctl restart nginx
Now we need to create a symbolic link from phpMyAdmin to the htdocs directory. This is done by entering the following command:
ln -s /usr/share/phpMyAdmin /srv/www/htdocs/phpMyAdmin chown nginx:nginx -R /usr/share/phpMyAdmin
Now we need to create a symbolic link from phpMyAdmin to the nginx conf.d directory. This is done by entering the following command:
ln -s /etc/phpMyAdmin/config.inc.php /etc/nginx/conf.d/config.inc.php chown nginx:nginx /etc/phpMyAdmin/config.inc.php
The final thing we need to do is give Nginx access to the php session. This is done by using the command:
chown nginx:nginx -R /var/lib/php7
Try out to login to the phpMyAdmin dashboard. Enter your IP followed with /phpMyAdmin:
http://01.01.001.001/phpMyAdmin
You should now see your phpMyAdmin dashboard.

When you are done checking out it is time to go back into your Nginx configuration file and block access completely. Make the following changes (press Alt +I to go into edit mode) to the phpMyAdmin.conf file:
location ~ ^/phpMyAdmin/.*\.php$ {
root /srv/www/htdocs/;
deny all;
access_log off;
log_not_found off;
#auth_basic 'Restricted Access';
#auth_basic_user_file /etc/nginx/htpasswd;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Save the Nginx configuration file by pressing Esc and type:
:wq!
Test your nginx configuration file. If there are no errors, restart nginx:
nginx -t systemctl restart nginx
Now try accessing your phpMyAdmin page again by entering the same URL:
http://01.01.001.001/phpMyAdmin
If everything works, you should see a Nginx 403 error, telling you that access is denied. Which will prevent bruteforce attacks on your phpMyAdmin dashboard.

Optimize and harden your Nginx configuration
One big speed improvement is one that is easy to implement is enabling Gzip compression. This speeds up the delivery of files to the end user, because if these files are smaller, it takes less time to download them. And every time a webpage is refreshed, a lot of files need to be downloaded. This is done by editing the Nginx configuration file with the Vim text editor. But before we start editing, we will create a backup file so we can always revert to the previous verion. Use the following commands:
cd /etc/nginx/vhosts.d
ls -l
cp YOUR_WEBSITE_NAME.conf YOUR_WEBSITE_NAME.conf.backup01
ls -l
vi YOUR_WEBSITE_NAME.conf
We go into edit move by pressing Alt + I. Now we need to add some code below “server {” and above “location {“.
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/css
text/plain
text/javascript
test/xml
application/javascript
aplication/json
application/x-javascript
application/xml
application/rss+xml
application/xhtml+xml
application/x-font
application/x-font-ttf
application/x-font-otf
application/x-font-opentype
application/x-font-truetype
application/x-font-woff
application/x-font-woff2
application/vnd.ms-fontobject
font/opentype
font/otf
font/ttf
image/svg+xml
image/x-icon;
We also want to set the time that files can stay in the browser cache. A good caching time can differ from site to site. My blogs don’t get updated regularly. I write a blog post every 1 or 2 months. So I have chosen a caching time of 3 weeks. If you post every week, you might want to lower this to 7 days. The browser caching time is specified by adding the following code (directly below the gzip text):
location ~* \.(jpg|jpeg|png|gif|bpm|ico|css|js|pdf)$ {
expires 21d;
}
We are not done yet! We also want to block off certain parts of the site that hackers shouldn’t have access to. This is done by adding the following code (directly below the browser caching text):
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /wp-includes/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~* /wp-content/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
location = /latest.zip {
deny all;
access_log off;
log_not_found off;
}
Save and exit by pressing the ESC key and typing the following command:
:wq!
Now test your nginx configuration file.
nginx -t
If there are errors, you should restore the nginx.conf file from the backup you just created. This is done by the command (only use this if you found errors!):
cp YOUR_WEBSITE_NAME.conf.backup01 YOUR_WEBSITE_NAME.conf
If there are no errors, restart nginx:
systemctl restart nginx
Enable HTTPS
Now it is time to change our WordPress website from HTTP to HTTPS. For this, we need an SSL certificate. Which the Let’s Encrypt organsisation provides. Certbot is the official tool to request Let’s Encrypt certificates. So we first need to add the Certbot repository. This is done by using the following commands:
zypper addrepo https://download.opensuse.org/repositories/devel:/languages:/python:/certbot/openSUSE_Tumbleweed/devel:languages:python:certbot.repo
zypper addrepo https://download.opensuse.org/repositories/home:/ecsos:/server/openSUSE_Tumbleweed/home:ecsos:server.repo
zypper ref
Now it will ask you if you will trust the repositories. Type ‘a’ + ‘Enter’ to always trust this repository. After this is done, we can install the Certbot packages. Use the following command:
zypper in certbot-common certbot-doc certbot-systemd-timer python3-certbot python3-certbot-nginx
You will be asked to install certain other packages that are dependencies of the above packages. Type ‘y’ + ‘Enter’ to accept this proposal.
Now we will run the certbot application on the command line by using the command:
certbot --nginx
The Certbot application will ask some questons. Put in the following answers.
- Enter your e-mail address
- Agree to the Terms of Service (select Yes)
- Decide if you want the EFF newsletter (I have selected Yes)
- Leave the input blank to select all options (press Enter)
- Now redirect everything to HTTPS (select 2)
Now that part is finished. We just need to open the firewall for HTTPS traffic. Use the following commands:
firewall-cmd --zone=public --add-service=https --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reload firewall-cmd --list-all
Now enter the address of your website in the browser and check if you can see the lock symbol in your browser. That means you have succesfully installed and configured certbot!

We also want certbot to automatically renew. This can be done by using Crontab to renew every month. Open the crontab file of certbot by using the following commands:
cd /etc/cron.d/ ls -l vi certbot
Press Alt + I to go into edit mode and uncomment (remove the #) of the lines and specify the time interval to renew the certbot certificates. I have specified to run this script every 9 days at 4:10 AM.
renew all certificates methode: renew 10 4 9 * * root /usr/bin/certbot renew
Save and exit by pressing the ESC key and typing the following command:
:wq!
Essential WordPress plugins
The last thing to do to make your WordPress setup complete is to install lots of plugins! A general recommendation is to reduce the numer of WordPress plugins to a minimum. But from my experience, the plugins are the thing that makes WordPress great. You want a performant and secure website. And there are many free and paid plugins that help you achieve that goal.
So far, I have 3 paid plugins (Wordfence, Hide My WP Ghost and Easy Updates Manager). You can also use the free versions, which are still a great option. Below is my list of essential WordPress plugins and the reason why I use them.
Wordfence Security
Wordfence is an endpoint Web Application Firewall and a malware scanner. It greatly enhances the security of your WordPress site by blocking known malicious traffic.
Hide My WP Ghost
Hide My WP Ghost is a security plugin that hides / changes a lot of common WordPress URLs. It also changes the names of plugins and themes to random names. This makes sure that automated attacks against your WordPress site will not work. And that it is harder to gain insight in the vulnerable plugins and themes that you are using.
Easy Updates Manager
Managing all your plugin updates can be a time consuming effort. What if a plugin can do all the work for you? I have set Easy Updates Manager to update all minor WordPress versions and to update all plugins and themes. The premium plugin automatically makes a backup of my site (via UpdraftPlus) before updating. And I get notified via Slack (e-mail is also a possibility).
UpdraftPlus – Backup/Restore
UpdraftPlus is a great Backup/Restore plugin for WordPress. I use it to backup my site every 14 days to my Google Drive. I might consider going Premium in the future, as this also allows Cloning and Migration, which is useful for creating a cloned test site.
HTTP Headers
This plugin allows me to set Security options in my HTTP header.
Contact Form 7
This is a popular WordPress plugin for creating a contact form. It can also send out e-mails when someone submits a request, but don’t want my server to have that ability.
Flamingo
Instead I use Flamingo to store the messages that are submited via the contact form.
WP Mail SMTP by WPForms
This replaced the default PHP mail function and enables me to send outgoing emails via SMTP and Transip as the mailprovider.
Check & Log Email
This allows me to see which e-mails have been send from my WordPress site.
WP Statistics
This plugin enables me to see the number of visits to my website and per page. It is less comprehensive as Google Analytics. But its more than enough for my use case.
Google XML Sitemaps
The Google XML Sitemaps plugin makes sure that my site is indexed by Google. This is not needed if you use more elaborate SEO plugins.
Broken Link Checker
Once you start writing a lot of blogs, your will also link to other sites. At a certain time, these links might brake. This reduces the reading experience of your readers. This is also bad for your SEO. This plugin helps you to find these problems and repair them.
Redirection
This plugin is also related to errors on your website that will start to appear over time. This time related to 301 (redirect) and 404 (page nog found) errors. This plugin helps your to find these problems and repair them.
WP Super Cache
It is a caching plugin. It makes my website load faster.
Autoptimize
It is a plugin that minifies my HTML, CSS and Javascript. It makes my website load faster.
Asset Cleanup: Page Speed Booster
This is a plugin that can load/unload (un)needed Javascript files for certain parts of the site. It makes my website load faster.
Optimole
This plugin helps me to optimizes images (resize and compress) and enables lazy-loading of images. It makes my website load faster.
OMGF
This plugin stores all Google Fonts that are used on my website locally, so when loading my website, people are not redirected to Google. It makes my website load faster.
WP-Optimize
This plugin cleans and optimizes my database. This will result in a very small speed inprovement.
Profilepress
This plugin allows me to use my own picture from my own WordPress media library for when I log in.
Yoast Duplicate Post
This plugin enables me to quickly duplicate an older blog post to use as a template for a new blog post.
Conclusion
I hope that this extensive guide was helpful in getting your new website up-and-running. There is so much more that you should now do:
- Select a nice looking theme
- Customize your theme
- Configure all plugins
- Remove all default posts
- Add the Site and Sitemap to Google Search Console
One important addition. If your start writing blog posts and create pages with your admin user, you make it very easy for hackers to brute force hack your website. Therefore I would recommend a separation of roles. Create a second user for yourself with only editing rights. And use that user account to create pages and write blog posts.
I leave the rest for you to work out. Best of luck!
Publishing date: 25-03-2020
Updated: 29-07-2021