Tencent Cloud Account with Balance Deploy WordPress on Tencent Cloud CVM Step by Step

{ "description": "This step-by-step guide walks you through deploying WordPress on Tencent Cloud CVM, from planning your instance and network settings to installing Nginx, PHP, and MySQL. It covers creating security rules, preparing storage, configuring a domain with DNS, and obtaining an SSL certificate for HTTPS. You’ll also learn how to harden basic settings, optimize performance, and verify the site with a full checklist. Along the way, you’ll get practical command examples, common pitfalls, and quick troubleshooting so your WordPress launch feels less like a quest and more like a victory lap.", "content": "

Introduction: A WordPress Welcome Party on CVM

\n

So you want to deploy WordPress on Tencent Cloud CVM. Excellent choice. WordPress is like a friendly golden retriever: extremely helpful, widely understood, and slightly chaotic until you set some boundaries. Tencent Cloud CVM is the capable owner holding the leash and providing snacks (also known as compute resources).

\n

This guide is written for practical humans who prefer doing things rather than reading about doing things. We’ll go step by step: picking and launching a CVM instance, setting up networking and security, installing the web stack (Nginx + PHP + MySQL), configuring WordPress, wiring in a domain, enabling HTTPS, and doing basic sanity checks. If you follow along, you’ll have a working WordPress site and the confidence of someone who has successfully wrestled a server into behaving.

\n

We’ll assume you’re using a common Linux distribution such as Ubuntu 20.04/22.04 or CentOS 7/8. Commands may vary slightly. If you get a command error, don’t panic—copy the error text into your brain (like a memory of pain), then adjust to your OS. The server will survive; you might even learn something.

\n\n

Step 0: Decide Your Setup (Before You Press the “Deploy” Button)

\n

Before you create the instance, decide what kind of WordPress site you’re building. Small blog? Business site? WooCommerce store? The requirements differ, but here are reasonable starting points:

\n

\n
• CPU/RAM: For a basic site and light traffic, 1 vCPU and 2 GB RAM is usually okay. For more traffic, scale up.
\n
• Storage: A typical starting disk size is 40 GB. WordPress itself isn’t huge, but backups, plugins, and database growth will happen.
\n
• Region: Pick the region closest to your users to reduce latency.
\n

\n

Also decide:

\n

\n
• Will you use a domain name?
\n
• Will you need HTTPS (you do, unless you enjoy browser warnings)?
\n
• Do you want email sending? (That’s a separate can of worms; this guide focuses on the web stack.)
\n

\n\n

Step 1: Create a Tencent Cloud CVM Instance

\n

Log into Tencent Cloud Console, then find CVM (Cloud Virtual Machine). Create a new instance. During setup, you’ll typically choose:

\n

\n
• Image/OS: Ubuntu or CentOS.
\n
• Instance Type: Standard general purpose.
\n
• Networking: Usually a VPC plus subnet.
\n
• Authentication: SSH key is preferable; passwords are okay but less fun to manage.
\n

\n

Tip: Use a strong SSH key and keep it safe. If someone else gets your private key, your server will become their personal blog. Which might be entertaining… for them.

\n\n

Step 2: Configure Security Group Rules (Firewall Before You Begin Cooking)

\n

Security groups control inbound traffic. For WordPress you typically need:

\n

\n
• HTTP: port 80
\n
• HTTPS: port 443
\n
• SSH: port 22 (temporarily from your IP, not from the whole internet)
\n

\n

In the Tencent Cloud console, locate the security group attached to your CVM. Add inbound rules like:

\n

\n
• Allow TCP 80 from 0.0.0.0/0 (or better: limit if you want)
\n
• Allow TCP 443 from 0.0.0.0/0
\n
• Allow TCP 22 from your IP only
\n

\n

Tencent Cloud Account with Balance Don’t expose SSH to the whole world if you value your server’s peace of mind. Attackers love random ports; they also love open doors.

\n\n

Step 3: Connect to Your CVM via SSH

\n

Once the instance is running, get its public IP. Then connect with SSH from your local machine.

\n

Tencent Cloud Account with Balance Example (using a private key):

\n

ssh -i /path/to/your-key.pem ubuntu@YOUR_PUBLIC_IP

\n

If you’re using CentOS, it might be:

\n

ssh -i /path/to/your-key.pem centos@YOUR_PUBLIC_IP

\n

After connecting, update your package lists:

\n

sudo apt-get update -y

\n

Then upgrade packages:

\n

sudo apt-get upgrade -y

\n

(On CentOS, use yum or dnf equivalents.)

\n\n

Step 4: Set Up a Directory and Storage (Optional but Sensible)

\n

WordPress can live under /var/www/html. But it’s also fine to create a dedicated directory like /var/www/wordpress for clarity.

\n

Create a directory:

\n

sudo mkdir -p /var/www/wordpress

\n

Then set permissions (use the web server user later). For now you can ensure you have a consistent ownership base. On Ubuntu with Nginx, that often means www-data.

\n

sudo chown -R www-data:www-data /var/www/wordpress

\n\n

Step 5: Install Nginx, PHP, and Required Extensions

\n

Now we assemble the web stack. WordPress on modern Linux usually runs happily with Nginx + PHP-FPM + MySQL/MariaDB.

\n\n

5.1 Install Nginx

\n

sudo apt-get install nginx -y

\n

Start and enable it:

\n

sudo systemctl enable nginx

\n

sudo systemctl start nginx

\n

Quick check: open your browser to http://YOUR_PUBLIC_IP. You should see the default Nginx page (or at least something less mysterious than a blank void).

\n\n

5.2 Install PHP and PHP-FPM

\n

Install PHP packages. For Ubuntu, a typical set might include PHP 8.1. If your OS has an appropriate default version, you can use it; otherwise you might use a PPA. Keep it simple first.

\n

Example for PHP 8.1:

\n

sudo apt-get install php-fpm php-mysql php-xml php-curl php-gd php-mbstring php-zip php-intl -y

\n

Enable and start PHP-FPM:

\n

sudo systemctl enable php8.1-fpm

\n

sudo systemctl start php8.1-fpm

\n

If your PHP-FPM service name differs (like php-fpm), use:

\n

systemctl list-unit-files | grep php

\n\n

5.3 Configure Nginx to Use PHP-FPM

\n

We’ll later create a site configuration. For now, test that Nginx can pass PHP requests to PHP-FPM.

\n

Create a test PHP file:

\n

sudo tee /var/www/wordpress/info.php <<'EOF'\n<?php\nphpinfo();\nEOF

\n

Now temporarily configure Nginx to serve it. We’ll do a proper configuration in a later step, but for immediate confidence:

\n

Locate Nginx server blocks:

\n

ls /etc/nginx/sites-available

\n

On Ubuntu, a default file might exist. You can create a new one, for example wordpress.conf and then enable it.

\n\n

Step 6: Install MySQL (or MariaDB)

\n

WordPress needs a database. Many people use MySQL or MariaDB. MariaDB is common on CentOS; MySQL packages vary by distribution.

\n\n

6.1 Install MySQL

\n

On Ubuntu, commonly:

\n

sudo apt-get install mysql-server -y

\n

During installation, you’ll set a root authentication approach. On modern Ubuntu, the easiest is often socket-based auth for root and then creating WordPress users properly.

\n\n

6.2 Secure the Database (Recommended)

\n

Run:

\n

sudo mysql_secure_installation

\n

Follow prompts. Choose a strong root password if asked (or use the recommended approach). Remove anonymous users and disallow remote root login unless you intentionally want that.

\n\n

6.3 Create WordPress Database and User

\n

Log into MySQL:

\n

sudo mysql

\n

Create database (replace names as you like):

\n

CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

\n

Create user and grant permissions:

\n

CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'StrongPasswordHere!';

\n

GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wp_user'@'localhost';

\n

FLUSH PRIVILEGES;

\n

Exit:

\n

exit

\n\n

Step 7: Download and Configure WordPress

\n

Next, download WordPress, extract it, and set up the configuration file.

\n\n

7.1 Download WordPress

\n

Tencent Cloud Account with Balance Move into your web root directory:

\n

cd /var/www/wordpress

\n

Download WordPress. You can use curl or wget. Example with wget:

\n

sudo apt-get install wget -y

\n

wget https://wordpress.org/latest.tar.gz

\n

Extract:

\n

sudo tar -xzf latest.tar.gz --strip-components=1

\n

Remove the tarball:

\n

sudo rm -f latest.tar.gz

\n\n

7.2 Configure wp-config.php

\n

Copy the sample config:

\n

sudo cp wp-config-sample.php wp-config.php

\n

Edit wp-config.php and set database details.

\n

Use nano for simplicity:

\n

sudo nano wp-config.php

\n

Find these lines and update:

\n

\n
• define('DB_NAME', 'wordpress_db');
\n
• define('DB_USER', 'wp_user');
\n
• define('DB_PASSWORD', 'StrongPasswordHere!');
\n
• Set DB host usually localhost
\n

\n

Also set site URL and home URL later during WordPress setup if needed. But you can also set them here after domain is ready.

\n\n

7.3 Fix Permissions

\n

WordPress needs correct ownership for updates and plugins.

\n

sudo chown -R www-data:www-data /var/www/wordpress

\n\n

Step 8: Create Nginx Site Configuration for WordPress

\n

Now we make Nginx behave like a responsible host, not a confusing museum guide.

\n\n

8.1 Create a Nginx Server Block

\n

Create a file in /etc/nginx/sites-available called wordpress or wordpress.conf.

\n

sudo nano /etc/nginx/sites-available/wordpress

\n

Use a configuration like the following. Replace `YOUR_SERVER_NAME_OR_DOMAIN` and adjust PHP version if needed.

\n

server {\n    listen 80;\n    listen [::]:80;\n    server_name YOUR_SERVER_NAME_OR_DOMAIN;\n\n    root /var/www/wordpress;\n    index index.php index.html;\n\n    client_max_body_size 20M;\n\n    location / {\n        try_files $uri $uri/ /index.php?$args;\n    }\n\n    location ~ \\.php$ {\n        include snippets/fastcgi-php.conf;\n        fastcgi_pass unix:/run/php/php8.1-fpm.sock;\n        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n        include fastcgi_params;\n    }\n\n    location ~* \\.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|eot)$ {\n        expires 30d;\n        access_log off;\n        log_not_found off;\n    }\n\n    location = /favicon.ico { access_log off; log_not_found off; }\n    location = /robots.txt  { access_log off; log_not_found off; }\n}\n

\n

Notes:

\n

\n
• Make sure the fastcgi_pass socket path matches your PHP-FPM version. Common Ubuntu path examples: /run/php/php8.1-fpm.sock or /run/php/php8.2-fpm.sock.
\n
• If your PHP-FPM socket differs, find it with:
\n

\n

ls /run/php/

\n\n

8.2 Enable the Site and Disable Default

\n

sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/

\n

Disable default if you want:

\n

sudo rm -f /etc/nginx/sites-enabled/default

\n

Test Nginx configuration:

\n

sudo nginx -t

\n

If it says “syntax is ok” and “test is successful,” reload Nginx:

\n

sudo systemctl reload nginx

\n\n

Step 9: Install WordPress Through the Web UI

\n

Now visit your server in a browser:

\n

\n
• http://YOUR_PUBLIC_IP (for first testing)
\n
• or http://YOUR_DOMAIN (once DNS is ready)
\n

\n

You should see the WordPress setup page. It will ask for:

\n

\n
• Site title
\n
• Admin username
\n
• Admin password
\n
• Admin email
\n

\n

WordPress will then connect to the database using wp-config.php. If it can’t connect, don’t assume you did nothing wrong. Servers enjoy being helpful by being wrong in very specific ways.

\n\n

Step 10: Add Domain DNS Records

\n

To use a custom domain, update DNS at your domain registrar or DNS provider.

\n

Commonly you’ll add an A record pointing to your CVM public IP:

\n

\n
• Type: A
\n
• Host: @ (or your root domain)
\n
• Value: Your CVM public IP
\n
• TTL: default or 300
\n

\n

Optionally add:

\n

\n
• CNAME for www to your root domain
\n

\n

Wait for DNS propagation. It might take a few minutes, or it might take longer. DNS propagation is like coffee: sometimes it’s immediate, sometimes it’s a lifestyle choice.

\n\n

Step 11: Enable HTTPS with SSL (Let’s Encrypt)

\n

HTTPS is non-negotiable in 2026 unless your goal is to collect browser warnings like trading cards.

\n\n

11.1 Install Certbot

\n

Install Certbot and Nginx plugin:

\n

sudo apt-get install certbot python3-certbot-nginx -y

\n\n

11.2 Obtain an SSL Certificate

\n

Run:

\n

sudo certbot --nginx -d YOUR_DOMAIN -d www.YOUR_DOMAIN

\n

Certbot will detect Nginx server blocks, request certificates, and update configs automatically.

\n

If it asks to redirect HTTP to HTTPS, enable redirection. If it asks about email for urgent notices, give it a valid email because certificates do expire even when you look away.

\n\n

11.3 Auto-Renewal Check

\n

Certbot typically installs a systemd timer for renewal. Verify:

\n

systemctl list-timers | grep certbot

\n

Tencent Cloud Account with Balance You can also do a dry run:

\n

sudo certbot renew --dry-run

\n\n

Step 12: WordPress Hardening (Small Tweaks, Big Peace)

\n

Now that WordPress is running, let’s tighten the bolts. Not paranoid-security-level, just sensible improvements.

\n\n

12.1 Update WordPress and Plugins

\n

In the WordPress dashboard, check for updates. Core updates and plugin updates close security gaps. Outdated software is like leaving a window open in a thunderstorm.

\n\n

12.2 Configure wp-cron Properly (Optional)

\n

Tencent Cloud Account with Balance WordPress uses wp-cron for scheduled tasks. Sometimes people disable it and use system cron. If you want the simple default, you can keep it.

\n

If you use system cron, you can set:

\n

crontab -e

\n

Add a line like:

\n

* * * * * curl -s https://YOUR_DOMAIN/wp-cron.php?doing_wp_cron >/dev/null 2>&1

\n

Be sure the URL uses HTTPS and your domain is correct.

\n\n

12.3 Disable File Editing in Dashboard

\n

To prevent editing theme/plugin files from the admin panel, add this to wp-config.php:

\n

define('DISALLOW_FILE_EDIT', true);

\n\n

12.4 Set Reasonable File Permissions

\n

Make sure directories and files aren’t writable by the world. WordPress typically needs write permissions to certain folders (like wp-content).

\n

You can start with:

\n

sudo find /var/www/wordpress -type d -exec chmod 755 {} \\\;

\n

sudo find /var/www/wordpress -type f -exec chmod 644 {} \\\;

\n

Then ensure wp-content is writable by Nginx/PHP:

\n

sudo chown -R www-data:www-data /var/www/wordpress/wp-content

\n

Be careful with permissions; if you make them too strict, updates and uploads may fail. If you make them too lax, security suffers. We want “safe and functional,” not “all-powerful and risky.”

\n\n

Step 13: Performance and Reliability Tips

\n

You don’t need perfection on day one, but a few tweaks help WordPress feel snappy.

\n\n

13.1 Enable Gzip Compression

\n

Edit Nginx configuration (often in /etc/nginx/nginx.conf), and ensure gzip is enabled. Example:

\n

gzip on;\ngzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;\n

\n

Then test and reload:

\n

sudo nginx -t

\n

sudo systemctl reload nginx

\n\n

13.2 Consider Caching Plugins

\n

WordPress caching plugins can improve speed significantly. Options include page caching and object caching. However, start with one caching plugin and test. Running three caching plugins is like giving a dog three leashes and asking it to fetch reliably.

\n\n

13.3 Use a Reasonable PHP Version

\n

Newer PHP versions generally run WordPress better. Stick to a supported PHP version, not an antique that only runs because it enjoys chaos.

\n\n

Step 14: Troubleshooting Guide (When Things Don’t Immediately Work)

\n

Here’s the reality: sometimes WordPress won’t load on the first try. Servers love dramatic entrances, not smooth ones. Let’s fix common problems.

\n\n

14.1 Nginx Returns 502 Bad Gateway

\n

This usually means PHP-FPM isn’t working or the socket path is wrong.

\n

Check PHP-FPM status:

\n

sudo systemctl status php8.1-fpm

\n

Check Nginx error logs:

\n

sudo tail -n 200 /var/log/nginx/error.log

\n

If the fastcgi_pass socket path is wrong, update it to the correct one and reload Nginx.

\n\n

14.2 WordPress Installation Fails to Connect to Database

\n

Check wp-config.php for:

\n

\n
• DB_NAME
\n
• DB_USER
\n
• DB_PASSWORD
\n
• DB_HOST (usually localhost)
\n

\n

Also verify MySQL user privileges and that the MySQL service is running:

\n

sudo systemctl status mysql

\n

If you created the user with 'wp_user'@'localhost' but WordPress tries a different host, you might need to adjust grants. Typically it’s localhost and everything is fine.

\n\n

14.3 HTTP Works but HTTPS Doesn’t

\n

Tencent Cloud Account with Balance This can happen if DNS isn’t pointing to the correct IP or if the Nginx server block doesn’t match the domain.

\n

Check:

\n

\n
• DNS A record for your domain
\n
• Nginx server_name
\n
• Certbot logs at /var/log/letsencrypt/
\n

\n

Also run:

\n

sudo certbot renew --dry-run

\n\n

14.4 WordPress Loads but Uploads Fail

\n

Tencent Cloud Account with Balance Common causes:

\n

\n
• Incorrect ownership of wp-content
\n
• Permission issues on uploads directory
\n

\n

Fix ownership:

\n

sudo chown -R www-data:www-data /var/www/wordpress/wp-content

\n

Then retry uploads.

\n\n

14.5 The Site Loads Slowly

\n

Try these steps:

\n

\n
• Enable caching (plugin or Nginx caching)
\n
• Check server CPU/RAM usage
\n
• Review slow database queries (later advanced step)
\n

\n

You can check resource usage quickly:

\n

top

\n

Or:

\n

free -h

\n\n

Step 15: Backups and Monitoring (Because Life Happens)

\n

Before you relax, implement backups. If your server gets nuked by mistake, you’ll be staring at your database like it owes you money.

\n\n

Tencent Cloud Account with Balance 15.1 Database Backups

\n

You can use mysqldump and store backups on disk or object storage.

\n

Example (manual):

\n

mysqldump -u wp_user -p wordpress_db > /tmp/wordpress_db_$(date +%F).sql

\n

For automated backups, use a cron job and consider storing backups in a persistent location or external storage.

\n\n

15.2 File Backups

\n

At minimum, back up:

\n

\n
• /var/www/wordpress (themes, plugins, uploads)
\n

\n

Tencent Cloud Account with Balance Better backups reduce restoration pain later. Future you will send present you a thank-you email. Or at least a satisfying text message.

\n\n

15.3 Monitoring

\n

Consider basic monitoring:

\n

\n
• CPU and memory usage alerts
\n
• Disk space alerts
\n
• Web server availability checks
\n

\n

On Tencent Cloud, you may have monitoring tools available. Enable them if you can.

\n\n

Step 16: Final Verification Checklist (The “Make Sure It’s Real” Section)

\n

Before you tell anyone your WordPress is live, run this checklist:

\n

\n
• Nginx: sudo nginx -t passes and service is running
\n
• PHP-FPM: PHP-FPM service is active
\n
• Database: WordPress can create/update tables during install
\n
• WordPress login: You can log in to admin dashboard
\n
• Uploads: You can upload a media file
\n
• Permalinks: Permalink settings work (try visiting a post URL)
\n
• HTTPS: Browser shows a valid certificate without warnings
\n
• Security: You restricted SSH access and disabled file editing
\n
• Backups: You have at least a basic backup plan
\n

\n

Then remove any test files like info.php if you created them earlier:

\n

sudo rm -f /var/www/wordpress/info.php

\n

Leaving a phpinfo page lying around is a little like leaving your Wi-Fi password on a sticky note on the monitor. Sure, it’s “convenient,” but it’s also a choice.

\n\n

Optional Step: Configure WordPress Permalinks and Nginx Rewrite Rules

\n

WordPress permalinks require Nginx rewrite behavior. Our earlier configuration with try_files and passing requests to index.php generally supports it.

\n

In WordPress dashboard, go to Settings → Permalinks. Set your preferred structure (for example “Post name”). Save changes. If permalinks produce 404 errors, check:

\n

\n
• Nginx configuration
\n
• Whether try_files includes /index.php?$args
\n
• Nginx reload success
\n

\n\n

Optional Step: Add Caching Headers for Static Assets

\n

If you didn’t already include it, you can configure longer cache durations for static resources. This reduces repeated downloads and speeds up page loads.

\n

Our earlier config already includes a section for common file types with expires 30d. If you add more file types, ensure they’re truly static and versioned or hashed so updates propagate correctly.

\n\n

Optional Step: Increase Upload Size if Needed

\n

WordPress uploads sometimes fail when files exceed the Nginx limit. If you see errors, adjust:

\n

\n
• client_max_body_size
\n

\n

In the server block, set for example:

\n

client_max_body_size 50M;

\n

Then reload Nginx:

\n

sudo systemctl reload nginx

\n\n

Common Pitfalls (So You Don’t Have to Learn the Hard Way)

\n

\n
• Tencent Cloud Account with Balance Wrong PHP-FPM socket path: causes 502 errors.
\n
• Over-permissive SSH access: invite trouble.
\n
• DNS not updated: HTTPS fails or domain doesn’t match certificate.
\n
• Permissions issues: uploads and plugin updates fail.
\n
• Leaving test files: remove info.php.
\n
• Not checking logs: logs are the truth tellers.
\n

\n

When in doubt, check logs first. It’s like checking your windshield before blaming the rain.

\n\n

Conclusion: Your WordPress Is Up, Now Go Publish Something

\n

Deploying WordPress on Tencent Cloud CVM doesn’t have to feel like summoning a server demon. With the steps above, you’ve built a working Nginx + PHP-FPM + MySQL environment, configured WordPress, secured access with HTTPS, and validated functionality with a sensible checklist.

\n

And now you can do the fun part: publish. Add themes, install plugins, write posts, and enjoy the fact that your website can now speak fluent HTTP and survive HTTPS like a champ.

\n

If you run into trouble, revisit the troubleshooting sections and check the relevant logs. Servers don’t enjoy secrets; they prefer receipts. Good luck—and may your database connections be stable and your deployments be boring (in the best way).

" }