Overview

This article suggests how you can install WordPress on Amazon EC2 instances running Amazon Linux 2023 (AL2023). It also covers optional steps to deploy Amazon CloudFront CDN and to install valid HTTPS certificate on your EC2 instance.

To install WordPress on Ubuntu Linux, refer to this article

WordPress requirements

At time of writing, WordPress requirements are

• PHP 8.3 or greater
• MySQL 8.0 or greater OR MariaDB 10.6 or greater
• HTTPS support

Both MySQL 8.0 and MariaDB 10.6 end community support in mid 2026

Method 1: Manual Installation

Launch EC2 instance

Launch a new EC2 instance with the following features

• Amazon Linux 2023, either Kernel 6.12 or Kernel 6.1
• Outbound internet connectivity
• Attached security group allows inbound HTTP and HTTPS
• Both x86_64 and arm64 architectures are supported, with AWS Graviton processors usually providing better price performance

To prevent your EC2 public IPv4 address from changing, associate an Elastic IP address

You may be eligible for t4g free trial. Refer to Announcing Amazon EC2 T4g Free Trial Extension for details

Connect to EC2 instance

Connect to your EC2 instance as ec2-user

Update DNF repository

Upgrade to latest release version (if available) and disable deterministic upgrade

sudo dnf upgrade --releasever=latest
echo latest | sudo tee /etc/dnf/vars/releasever

This is important as any new software versions and packages are added to newer AL2023 versions.

For example, PHP 8.4 and MariaDB 10.11 were added to AL2023 versions 2023.7.20250331 and 2023.7.20250428 respectively.

Install Apache web server

Install Apache with HTTPS, HTTP/2 and PHP-FPM support

sudo dnf install -y httpd mod_ssl mod_http2 mod_fcgid

sudo sed -i '156s/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf
sudo sed -i "/LoadModule /a Protocols h2 h2c http/1.1" /etc/httpd/conf.modules.d/10-h2.conf
sudo sed -i "/LoadModule /a SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" /etc/httpd/conf.modules.d/00-ssl.conf
sudo tee /etc/httpd/conf.d/www.conf > /dev/null << EOF
<VirtualHost *:80>
  DocumentRoot /var/www/html

  RewriteEngine on
  RewriteCond %{HTTP:X-AMZ-CF-ID} ^$
  RewriteCond %{HTTP:X-VARNISH} ^$
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF

sudo systemctl enable --now httpd

Optional: HTTPS certificate

This section covers how you can associate a valid HTTPS certificate with your WordPress site, and is optional but recommended

To ensure proper operation for IPv4 addresses, associate an Elastic IP address with your EC2 instance

Option 1: Amazon CloudFront

You can use Amazon CloudFront global content delivery network (CDN) with EC2 instance as custom origin or VPC origin, to get a domain name with valid HTTPS certificate. This section covers CloudFront with custom origin.

CloudFront distribution can be created after installing WordPress

EC2 Public DNS name

Go to EC2 console, select your EC2 instance and copy out Public DNS value

Optional: IPv6 only DNS name

If your EC2 instance is not associated with an elastic IP address and is in a dual-stack subnet, you can select IPv6-only DNS name as CloudFront origin

Create distribution

Go to CloudFront console to create a distribution

You can select either flat-rate or Pay as you go pricing plan.

Origin type

In Specify type page Origin type section, select Other

Paste you EC2 instance Public DNS value into Custom origin text box

Origin IP address type

If you specify a IPv6 only or dual stack domain, modify Origin IP address type setting accordingly. Else leave it default as IPv4-only

Origin settings

In Origin settings section, select Customize origin settings. Under Protocol section, select HTTP only

Cache settings

In Cache settings section, select Customize cache setings and use the following values

• Cache Policy: UseOriginCacheControlHeaders-QueryStrings
• Origin request policy: AllViewerExceptHostHeader or AllViewer
• Response headers policy: SecurityHeadersPolicy

Review your settings, and proceed to create a CloudFront distribution

Alternate domain name

CloudFront provides a distribution domain name with valid HTTPS certificate, e.g. https://d111111abcdef8.cloudfront.net. You can add alternate domain name (also known as a CNAME), and use AWS Certificate Manager to request non-exportable public SSL/TLS certificates at no additional charge

After which, update your DNS record to route traffic from alternate domain to the CloudFront distribution domain name

Option 2: HTTPS certificate on EC2 instance

This section requires a FQDN (fully qualified domain name) whose DNS entry resolves to your EC2 instance public internet IP address.

Skip this section if you do not have a domain name. Alternatively, go to Amazon Route 53 console to register a new domain. After which, create a DNS record to your EC2 instance public IP address.

Using Certbot

While there are other options, this section shows how to use Certbot to request and install free HTTPS certificates.

Install Certbot and configure Apache virtual host.

sudo dnf install -y certbot python3-certbot-dns-route53 python3-certbot-apache
sudo systemctl daemon-reload
sudo systemctl enable --now certbot-renew.timer

sudo tee /etc/httpd/conf.d/www.conf > /dev/null << EOF
<VirtualHost *:80>
  DocumentRoot /var/www/html
</VirtualHost>
EOF

sudo systemctl restart httpd

To obtain and install Let's Encrypt certificate for HTTPS

sudo certbot --apache

Refer to Use Certbot to enable HTTPS on Amazon Linux 2023 (AL2023) EC2 instances running Apache or Nginx for more details

Install PHP

We will install PHP 8.3 as per PHP Compatibility and WordPress Versions for good compatibility across the wider ecosystem of plugins and themes. We also install APC User Cache and Valkey, a Redis replacement, for use by caching plugins to improve performance

Modify phpVersion value below if you want to install a different PHP version

phpVersion=php8.3
sudo dnf install -y $phpVersion $phpVersion-{cli,fpm}
sudo dnf install -y $phpVersion-opcache
sudo dnf install -y $phpVersion-mysqlnd
sudo dnf install -y $phpVersion-{gd,intl,zip,bcmath,soap}
sudo dnf install -y $phpVersion-pecl-{apcu,igbinary,msgpack,redis6}

sudo systemctl enable --now php-fpm
sudo systemctl restart httpd

sudo dnf install -y valkey 
sudo systemctl enable --now valkey

Compile PHP extensions

Highly recommended PHP extensions such as Imagick need to be compiled

sudo dnf install -y php-devel php-pear gcc
sudo pecl update-channels

cd /tmp

sudo dnf install -y ImageMagick ImageMagick-devel
sudo dnf install -y ghostscript
yes | sudo pecl install imagick
sudo tee /etc/php.d/25-imagick.ini > /dev/null << EOF
extension=imagick.so
EOF

sudo systemctl restart php-fpm

WordPress Hosting Handbook provides a complete list of recommended and optional extensions to install. For example, you may want to compile timezonedb optional extension. Refer to How do I compile PHP extensions on Amazon Linux 2023? for PHP extension compilation guidance.

Changing installed PHP version

To upgrade to newer PHP version in future, you will need to remove the installed version and any compiled PHP extensions

# version to remove
phpVersion=php8.3

sudo systemctl stop httpd php-fpm
sudo pecl uninstall imagick
sudo rm -f /etc/php.d/25-imagick.ini
sudo dnf remove -y $phpVersion $phpVersion-*

Install new PHP version and Imagick extension as per previous section install scripts with your desired phpVersion value, e.g. php8.4

Install MariaDB database server

This section will install MariaDB database, and mariadb-backup. Alternatively, you can consider using Amazon RDS

sudo dnf install -y mariadb1011-server
sudn dnf install -y mariadb1011-backup
sudo systemctl enable --now mariadb

Create database and user

Create a database and user. Modify DB_USER_PW value below with a strong password and execute the script block

DB=wordpress
DB_USER=wordpress
DB_USER_PW=change2Str@ongPass0rd

sudo mysql -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_USER_PW';
CREATE DATABASE $DB CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON $DB.* TO '$DB_USER'@'localhost';
FLUSH PRIVILEGES;"

Download WordPress installation files

Download latest WordPress version. If you need an earlier version, get download link from Release Archive page.

cd /tmp
curl -L -O https://wordpress.org/latest.tar.gz
tar -xf latest.tar.gz

sed -i "/Add any custom value/a \$_SERVER['HTTPS'] = 'on';" /tmp/wordpress/wp-config-sample.php

tee /tmp/wordpress/.htaccess > /dev/null << EOF
<IfModule mod_headers.c>
  <FilesMatch "\.(css|gif|ico|js|jpg|jpeg|png|svg|ttf|txt|webp|woff|woff2)$">
  Header set Cache-Control "public, max-age=31536000"
  </FilesMatch>
</IfModule>
EOF

sudo rsync -r /tmp/wordpress/ /var/www/html/
sudo chown apache:apache -R /var/www/html

Restart services

sudo systemctl restart php-fpm
sudo systemctl restart httpd

WordPress installation

If you have installed a certificate, open a browser to your domain name, e.g. https://<wordpress.example.com>/. Else open a browser to your EC2 instance IP address, eg https://<EC2-IP-ADDRESS>

Run the install script. You will need to enter the database credentials that was configured previously to setup configuration file.

Optional: remote graphical desktop (GUI) access

If you need a graphical desktop environment, refer to Install GUI (graphical desktop) on Amazon EC2 instances running Amazon Linux 2023 (AL2023)

Optional: data protection

To protect your data, you may want to use AWS Backup to create EC2 backup job

Method 2: CloudFormation

This method uses CloudFormation IaC (infrastructure as code) template to automate previous method install steps, and include additional functional, security and performance features.

Go to ec2-lamp-server GitHub repository and download AL2023 template. Login to CloudFormation console. Create a stack using the downloaded file.

In LAMP section, select WordPress under Application stack to install, and desired PHP version

To use CloudFront, select Yes for Create Amazon CloudFront distribution, and choose between Custom Origin or VPC origin for origin type

Remote graphical desktop access with Amazon DCV is available as an option

To protect EC2 data, select Yes for Backup EC2 instance, and adjust backup schedule, time zone and retention settings.

Refer to site for parameter options and deployment instructions, including WordPress install video and HTTPS certificate request

Using WordPress

Do refer to WordPress documentation

Optional: WP-CLI

To install WP-CLI

cd /tmp
curl -s -L -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

To check version

wp --version

Output should be similar to below

WP-CLI 2.12.0

To update

sudo wp cli update

WordPress with Amazon CloudFront

If you have created a CloudFront distribution, you can login to WordPress admin panel and change your WordPress Address (URL) and Site Address (URL) to your CloudFront distribution or alternate domain name.

To further secure and accelerate your WordPress site, refer to blog Secure and accelerate your WordPress CMS with Amazon CloudFront, AWS WAF, and edge functions

WordPress Optimization

This article implements many measures to improve performance, including Graviton processors, browser caching, PHP OPcache, and CloudFront CDN for content offloading. You can install a caching plugin to cache your WordPress posts and pages as static files.

Do refer to WordPress Optimization page for more details.

Optional: Vinyl / Varnish HTTP cache

The article installs OPcache server caching to improve PHP performance. You can fine tune the settings to further improve performance.

To install Vinyl (formerly know as Varnish) HTTP cache from Supplementary Packages for Amazon Linux (SPAL).

sudo dnf install -y spal-release
sudo dnf install -y varnish

Do refer to Varnish Developer Portal for configuration details

SPAL packages are offered as-is and are not applicable for AWS Enterprise Support

Other Install Options

Other options include:

• Tutorial: Host a WordPress blog on AL2023
• Launch WordPress site with Amazon Lightsail
• Tutorial: Deploy WordPress website with an external Amazon RDS database to Elastic Beanstalk
• Pre-built AMIs are from AWS Marketplace