How to update PHP for WordPress website on AWS Lightsail

  1. Create a Lightsail Instance with OS Only (Ubuntu 18.04)
  2. Setup a Static IP
  3. Open Firewall Port in the Lightsail Dashboard for HTTPS
  4. SSH into the Server you just setup
  5. Run following commands to update and upgrade apt-get
    1. sudo apt-get update
    2. sudo apt-get upgrade
    3. Select Yes on the screen prompt
    4. Select Keep Local changes option on the screen prompt
  6. Run the following command to install tasksel (tool to install group software packages)
    1. sudo apt-get install tasksel
  7. Run the following command to install all the software needed for a LAMP server (Linux, Apache2, MySQL, PHP)
    1. sudo tasksel install lamp-server
  8. Once the installation is finished let’s verify the necessary software was installed
    1. Test Apache2 by going to http://server_ip_address. You should see the Apache2 Ubuntu Default Page
    2. Test MySQL by typing following command. You should be logged into the MySQL command line interface.
      1. mysql -u root
    3. Test PHP with phpinfo() by creating an index.php file at /var/www/html
      1. cd /var/www/html
      2. sudo vi index.php
      3. <?php phpinfo(); ?>
    4. Save the file and load it in your browser by going to http://server_ip_address/index.php. You should see the PHP Version at the top showing PHP Version 7.2.24
  9. Allow Ports for Apache2 on the Firewall with these commands
    1. sudo ufw allow in "Apache Full"
    2. Verify you can see the Apache2 Ubuntu Default Page by going to http://server_ip_address
  10. Secure MySQL installation with the following command
    1. sudo mysql_secure_installation
    2. You will be asked to setup validation password. You can do this, but suggest to skip as it may cause issues with other software installs. Press N to skip
    3. Press Y key for the following when prompted:
      1. Remove anonymous users? Press Y
      2. Disallow root login remotely? Press Y
      3. Remove test database and access to it? Press Y
      4. Reload privilege tables now? Press Y
  11. Upgrade PHP from 7.2 to 7.4 (only for Ubuntu 18.04, Ubuntu 20.04 already installs PHP 7.4 by default)
    1. sudo apt-get update
    2. sudo apt -y install software-properties-common
    3. sudo add-apt-repository ppa:ondrej/php
    4. sudo apt-get update
    5. sudo apt -y install php7.4
    6. Verify that PHP 7.4 is now installed with command php -v
  12. Install common PHP 7.4 modules
    1. sudo apt-get install -y php7.4-common php7.4-mysql php7.4 php7.4-cgi libapache2-mod-php7.4 php-pear php7.4-mbstring php7.4-curl php7.4-gd php7.4-intl php7.4-memcached php7.4-zip php7.4-xml php7.4-json php7.4-mysqli php7.4-imagick php7.4-zip php7.4-fpm php7.4-gmp php7.4-xmlrpc php7.4-cli unzip
  13. Run following commands to disable PHP 7.2 and enable PHP 7.4 for Apache2
    1. sudo a2dismod php7.2
    2. sudo a2enmod php7.4
  14. Run the following commands to enable PHP 7.4 FPM in Apache2
    1. sudo a2enmod proxy_fcgi setenvif
    2. sudo a2enconf php7.4-fpm
    3. sudo systemctl reload apache2
  15. Configure PHP for WordPress
    1. sudo vi /etc/php/7.4/apache2/php.ini
  16. Ensure these properties and settings are enabled and configured as below
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M //Increase this as per your Server spec
cgi.fix_pathinfo = 0
upload_max_filesize = 200M //Set this as per your needs.
max_execution_time = 360
date.timezone = America/Chicago // Set this to your default timezone.
error_log = /var/log/php/error.log
error_reporting = E_COMPILE_ERROR | E_RECOVERABLE_ERROR | E_ERROR | E_CORE_ERROR
max_input_time = 60
  1. Restart Apache2 and PHP
    1. sudo service apache2 restart
    2. sudo systemctl restart php7.4-fpm.service
  2. Create log directory for PHP and setup ownership for Apache2
    1. sudo mkdir /var/log/php
    2. sudo chown www-data /var/log/php
  3. Restart Apache2
    1. sudo systemctl restart apache2
  4. Now we will setup permissions for /var/www/html folder. First allow Apache access to the folders and files
    1. sudo chgrp -R www-data /var/www/html
    2. sudo find /var/www/html -type d -exec chmod g+rx {} +
    3. sudo find /var/www/html -type f -exec chmod g+r {} +
  5. Give the ubuntu user read/write permissions
    1. sudo chown -R ubuntu /var/www
    2. sudo find /var/www/html -type d -exec chmod u+rwx {} +
    3. sudo find /var/www/html -type f -exec chmod u+rw {} +
    4. sudo find /var/www/html -type d -exec chmod g+s {} +
  6. Get the latest WordPress zip or the version that you are migrating from from the WordPress website Releases | WordPress.org. Replace mukesh.me with the domain you plan to use for your website and also replace the WordPress zip URL to the version you selected.
    1. wget https://wordpress.org/latest.zip -P /var/www/html
    2. unzip /var/www/html/latest.zip -d /var/www/html
    3. mv /var/www/html/wordpress/ /var/www/mukesh.me
    4. sudo chown www-data:www-data /var/www/mukesh.me/ -R
  7. Setup Apache Virtual Host
    1. sudo vi /etc/apache2/sites-available/mukesh.me.conf
    2. Add following configuration to the file. Replace mukesh.me with the domain you plan to use for your website
<VirtualHost *:80>

ServerAdmin mukesh@mukesh.me
ServerName mukesh.me
ServerAlias www.mukesh.me
DocumentRoot /var/www/mukesh.me

ErrorLog ${APACHE_LOG_DIR}/mukesh.me_error.log
CustomLog ${APACHE_LOG_DIR}/mukesh.me_access.log combined

<Directory /var/www/mukesh.me/>
    AllowOverride All
</Directory>
</VirtualHost>
  1. Enable the new configuration with the following command
    1. sudo a2ensite mukesh.me.conf
    2. sudo systemctl reload apache2
  2. Enable the Rewrite Module
    1. sudo a2enmod rewrite
    2. sudo systemctl restart apache2
  3. Check if the configuration is good
    1. sudo apache2ctl configtest
  4. Create the MySQL Database for WordPress
    1. mysql -u root -p
    2. create database wpdb;
    3. create user 'wpuser'@'localhost' identified by '$TGWREGQ$T#$TGRG#$TRAGAG'; // you can use your own username / password
    4. grant all privileges on wpdb.* to wpuser@localhost;
  5. At this point, go back to your existing WordPress live site and install and Activate the All-in-One WP Migration plugin. Perform an Export of your website and download the Export file.
  6. [WINDOWS Only] – if your existing domain is still pointing to your current server/live site then you will not be able to use your Domain for further setup. To use your domain, modify your Windows hosts file to manually setup your domain to use the new IP Address just for your computer.
    1. Open the Windows Command Prompt as Administrator (Press the Win Key, type CMD and when the CMD icon appears, right-click select Open as Administrator)
    2. cd c:\Windows\System32\drivers\etc
    3. edit the file hosts using notepad hosts command
    4. Add the new IP Address and domain like this:
    5. your_ip_address yourdomain.com
    6. Save the file. You should be able to load the WordPress install with your domain name now.
  7. Load WordPress installation wizard by using your browser and goto http://mukesh.me. Replace mukesh.me with the domain that you used above.
  8. If all the configuration was correct, you should see the WordPress Installation page. Follow the Installation Wizard to setup your WordPress instance.
  9. Setup SSL Cert for your WordPress website with these commands. Replace www.mukesh.me and mukesh.me with the domain you have used for your website
    1. sudo add-apt-repository ppa:certbot/certbot
    2. sudo apt install certbot
    3. sudo apt install python-certbot-apache
    4. sudo systemctl status certbot.timer
    5. wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py
    6. chmod +x acme-dns-auth.py
    7. sudo vi acme-dns-auth.py
    8. Add 3 to the end of the first line like this: !/usr/bin/env python3
    9. Save the file.
    10. sudo mv acme-dns-auth.py /etc/letsencrypt/
    11. sudo certbot certonly --apache --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d mukesh.me -d www.mukesh.me
    12. The command will output the CNAME entry that will need to be applied for the verification process. Update your DNS as directed with your DNS Provider (typically your registrar).
    13. After DNS update, Press ENTER
    14. Press A for accepting the Terms of Service after reading it
    15. Press Y or N if you want to share your Email with the EFF
    16. Next it will ask if you want to setup Redirect. My suggestion is to Press 1 for ‘No Redirect’. You can setup the redirect manually inside .htaccess or use a plugin. This is better in case you put a CDN or Load Balancer in front of the WordPress instance then you will not have redirection loops.
    17. If all went smooth you will get this message:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mukesh.me/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mukesh.me/privkey.pem
   Your cert will expire on 2021-03-29. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
  1. If you see the above message, you can now load your website on HTTPS. Try it.
  2. Update your WordPress URL setting with the HTTPS URL of your domain by visiting the WordPress dashboard, then Settings->General
  3. Verify the Auto-Renewal is setup correctly with these commands
    1. sudo systemctl status certbot.timer
    2. You should get an output with the last line showing “Started Run certbot twice daily”
    3. sudo certbot renew --dry-run
    4. If you see no errors, the renewal is setup correctly and will renew accordingly. If there are errors, Let’s Encrypt will send you an email.
  4. Finally you can use a migration plugin to migrate from your Bitnami based WordPress to this instance with the upgraded PHP.
  5. Remove HOSTS entry
  6. Update DNS to have your domain point to the new IP Address
  7. Follow my other WordPress tutorials on securing and configuring WordPress.
https://youtu.be/4Ec5nU-N6jw