WordPress on AWS EC2 with OpenLiteSpeed – Automated Setup

🚀 WordPress on AWS EC2 with OpenLiteSpeed – Automated Setup

Complete automated installation script for production-grade WordPress hosting on AWS EC2

What This Script Does

This bash script automates the complete installation and configuration of:

• ✅ OpenLiteSpeed Web Server – High-performance web server
• ✅ PHP 8.3 – Latest PHP version with all required extensions
• ✅ MariaDB Database – Secure database server
• ✅ WordPress CMS – Latest WordPress version
• ✅ SSL Certificates – Free Let’s Encrypt SSL with auto-renewal
• ✅ Redis Cache – Object caching for performance
• ✅ 2GB Swap File – Memory optimization
• ✅ UFW Firewall – Port security
• ✅ Fail2Ban – Brute-force protection
• ✅ Security Headers – HSTS, X-Frame-Options, CSP, etc.
• ✅ WebAdmin Security – Localhost-only access
• ✅ Automatic Security Updates – Unattended upgrades
• ✅ Automated Backups – Daily database and file backups
• ✅ Helper Scripts – Status checks and maintenance tools

Prerequisites

1. AWS EC2 Instance

• Instance Type: t3.micro or larger (t3.micro = 6 months free tier)
• OS: Ubuntu 24.04 LTS
• Storage: At least 20 GB
• Region: Your preferred region (e.g., eu-west-2 London)

2. Security Group Configuration

Allow the following ports:

• SSH (22) – Your IP only
• HTTP (80) – 0.0.0.0/0
• HTTPS (443) – 0.0.0.0/0

3. Domain Name

• Domain pointed to your EC2 Elastic IP
• Both example.com and www.example.com A records configured

4. SSH Key Pair

• Download your .pem key file from AWS

Installation Instructions

Step 1: Launch EC2 Instance

1. Go to AWS Console → EC2 → Launch Instance
2. Name: wordpress-production
3. AMI: Ubuntu Server 24.04 LTS
4. Instance Type: t3.micro (free tier eligible)
5. Key Pair: Create new or select existing
6. Network:
   • Create security group with ports 22, 80, 443
   • Assign Elastic IP after launch
7. Storage: 20 GB gp3
8. Launch Instance

Step 2: Point Your Domain

Add these DNS records at your domain registrar:

A    @      YOUR_ELASTIC_IP
A    www    YOUR_ELASTIC_IP

Wait 5-10 minutes for DNS propagation

Step 3: Connect to Server

chmod 400 your-key.pem
ssh -i your-key.pem ubuntu@YOUR_ELASTIC_IP

Step 4: Download and Run Script

Download directly from GitHub:

wget https://raw.githubusercontent.com/nfsarmento/WordPress-on-AWS-EC2-with-OpenLiteSpeed---Automated-Setup/main/wordpress-aws-openlitespeed-setup.sh
chmod +x wordpress-aws-openlitespeed-setup.sh
./wordpress-aws-openlitespeed-setup.sh

Or clone the repository:

git clone https://github.com/nfsarmento/WordPress-on-AWS-EC2-with-OpenLiteSpeed---Automated-Setup.git
cd WordPress-on-AWS-EC2-with-OpenLiteSpeed---Automated-Setup
chmod +x wordpress-aws-openlitespeed-setup.sh
./wordpress-aws-openlitespeed-setup.sh

Step 5: Follow Prompts

The script will ask you for:

Domain name: example.com
Database name: wordpress_db
Database user: wp_user
Database password: [strong-password]
WebAdmin username: admin
WebAdmin password: [strong-password]
SSL email: your-email@example.com

Installation takes 10-15 minutes

Post-Installation Steps

1. Complete WordPress Installation

Visit: https://your-domain.com/wp-admin/install.php

Fill in:

• Site Title
• Admin Username
• Admin Password
• Admin Email

2. Install Essential Plugins

Via WordPress Dashboard:

LiteSpeed Cache

1. Plugins → Add New → Search “LiteSpeed Cache”
2. Install and Activate
3. Go to LiteSpeed Cache settings
4. Enable Image Optimization
5. Enable CSS/JS Minification

Redis Object Cache

1. Plugins → Add New → Search “Redis Object Cache”
2. Install and Activate
3. Settings → Redis → Enable Object Cache

Wordfence Security (Optional but recommended)

1. Plugins → Add New → Search “Wordfence”
2. Install and Activate

3. Configure Email (Brevo SMTP)

1. Create Brevo Account: https://www.brevo.com (300 emails/day free)
2. Get SMTP Credentials:
   • Brevo Dashboard → SMTP & API
   • Copy your SMTP credentials
3. Install WP Mail SMTP Plugin
4. Configure Settings:
   • From Email: noreply@yourdomain.com
   • SMTP Host: smtp-relay.brevo.com
   • Port: 587
   • Encryption: TLS
   • Username: Your Brevo email
   • Password: Your SMTP key

4. Access WebAdmin Panel (Localhost Only)

Create SSH Tunnel:

ssh -i your-key.pem -L 7080:localhost:7080 ubuntu@YOUR_ELASTIC_IP

Access in Browser:

http://localhost:7080

Credentials: (the ones you set during installation)

5. Verify Everything Works

Run the status check script:

/home/ubuntu/check-status.sh

You should see all services as “active (running)”

Performance Optimization

PageSpeed 100/100 Setup

LiteSpeed Cache Settings:

• Cache → Cache ON
• CSS Combine: ON
• JS Combine: ON
• Image Optimization: ON
• Lazy Load: ON
• WebP: ON

Redis Object Cache:

• Already configured by script
• Just activate in WordPress

Verify Performance:

• Visit: https://pagespeed.web.dev/
• Test your domain
• Should achieve 90-100 scores

Security Features Included

What’s Protected:

• ✅ UFW Firewall – Only ports 22, 80, 443 open
• ✅ Fail2Ban – Blocks brute-force attacks
• ✅ Security Headers – HSTS, X-Frame-Options, CSP
• ✅ WebAdmin – Localhost-only access
• ✅ SSL/TLS – A+ grade SSL configuration
• ✅ Auto Updates – Security patches applied automatically
• ✅ Database – Secure installation, strong passwords

Check Security Status:

# Check firewall
sudo ufw status

# Check Fail2Ban
sudo fail2ban-client status

# Check SSL grade
# Visit: https://www.ssllabs.com/ssltest/

Maintenance & Monitoring

Daily Automated Backups

Backups run automatically at 2 AM daily

Location: /home/ubuntu/backups/

Manual backup:

/home/ubuntu/backup-wordpress.sh

Check for Updates

# Check if reboot needed
cat /var/run/reboot-required

# See what needs reboot
cat /var/run/reboot-required.pkgs

# Manual reboot (when needed)
sudo reboot

View Logs

# WordPress errors
sudo tail -50 /usr/local/lsws/your-domain/logs/error.log

# Access logs
sudo tail -50 /usr/local/lsws/your-domain/logs/access.log

# Automatic updates
sudo tail -50 /var/log/unattended-upgrades/unattended-upgrades.log

# Fail2Ban
sudo tail -50 /var/log/fail2ban.log

Restart Services

# Restart OpenLiteSpeed
sudo /usr/local/lsws/bin/lswsctrl restart

# Restart MariaDB
sudo systemctl restart mariadb

# Restart Redis
sudo systemctl restart redis-server

# Restart all
sudo systemctl restart lshttpd mariadb redis-server

Troubleshooting

Website Not Loading

# Check if services running
/home/ubuntu/check-status.sh

# Restart OpenLiteSpeed
sudo /usr/local/lsws/bin/lswsctrl restart

# Check error logs
sudo tail -100 /usr/local/lsws/your-domain/logs/error.log

SSL Certificate Issues

# Renew manually
sudo certbot renew --force-renewal

# Copy to OpenLiteSpeed
sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem /usr/local/lsws/conf/cert/your-domain/
sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /usr/local/lsws/conf/cert/your-domain/key.pem

# Restart
sudo /usr/local/lsws/bin/lswsctrl restart

Can’t Access WebAdmin

# Check if listening on localhost
sudo ss -tlnp | grep 7080

# Should show: 127.0.0.1:7080

# Create SSH tunnel again
ssh -i your-key.pem -L 7080:localhost:7080 ubuntu@YOUR_ELASTIC_IP

# Access: http://localhost:7080

Out of Disk Space

# Check disk usage
df -h

# Clear old backups
rm -f /home/ubuntu/backups/db-*
rm -f /home/ubuntu/backups/wordpress-*

# Clear old logs
sudo rm -f /usr/local/lsws/*/logs/*.log.*

# Clear package cache
sudo apt clean

Scaling & Performance

Upgrade Instance Type

When traffic grows:

1. Stop instance in AWS Console
2. Change instance type to t3.small or larger
3. Start instance
4. No data loss – everything persists

Add CloudFlare CDN (Free)

1. Sign up: https://cloudflare.com
2. Add your domain
3. Update nameservers at your registrar
4. Enable CDN, SSL, and caching

Database Optimization

# Optimize tables
sudo mysql -p
USE your_database_name;
OPTIMIZE TABLE wp_posts, wp_postmeta, wp_options;
EXIT;

Cost Breakdown

Free Tier (First 12 Months)

• EC2 t3.micro: FREE (750 hours/month)
• 20 GB Storage: FREE (30 GB included)
• Data Transfer: FREE (15 GB out/month)
• Elastic IP: FREE (when attached)
• Let’s Encrypt SSL: FREE (always)
• Brevo Email: FREE (300/day)

After Free Tier

• EC2 t3.micro: ~$8-10/month
• Storage: ~$2/month (20 GB)
• Data Transfer: $0.09/GB
• Total: ~$10-15/month

Optimization Tips

• Use CloudFlare (free CDN reduces data transfer)
• Optimize images before upload
• Enable caching (LiteSpeed Cache plugin)

Support & Resources

Official Documentation

• OpenLiteSpeed: https://docs.litespeedtech.com/
• WordPress: https://wordpress.org/support/
• Let’s Encrypt: https://letsencrypt.org/docs/

Useful Links

• GitHub Repository: Download Script
• Tutorial Website: https://nuno-sarmento.com
• PageSpeed Test: https://pagespeed.web.dev/
• SSL Test: https://www.ssllabs.com/ssltest/
• Security Headers: https://securityheaders.com/

Script Details

• Version: 1.0
• Author: Genium Creative
• Website: https://nuno-sarmento.com
• GitHub: Source Code
• Lines of Code: 607
• Execution Time: ~10-15 minutes

Installation Checklist

After installation, verify:

• ☐ Website loads at https://your-domain.com
• ☐ WordPress admin accessible at /wp-admin
• ☐ SSL certificate valid (green padlock)
• ☐ WebAdmin accessible via SSH tunnel
• ☐ All services running (check-status.sh)
• ☐ Backups configured (check /home/ubuntu/backups/)
• ☐ Email sending works (WP Mail SMTP test)
• ☐ PageSpeed score 90+ (after cache plugins)
• ☐ Security headers present (securityheaders.com)
• ☐ Automatic updates enabled

You’re All Set!

Your WordPress site is now running on a production-grade infrastructure with:

• ✅ Enterprise-level security
• ✅ Maximum performance optimization
• ✅ Automatic backups
• ✅ Auto-updating security patches
• ✅ Professional SSL encryption
• ✅ 100/100 PageSpeed capability

Enjoy your ultra-fast, secure WordPress site! 🚀

ABOUT AUTHOR

Nuno

Hi, I'm a Freelance Web Developer and WordPress Expert based in London with a wealth of website development and support experience. I am great at problem solving and developing quick solutions.