I’m mostly putting this up for my own benefit, as every time I end up doing this I have to relearn like 90% of the process and I’d like to have a reference document.
So, start by picking up a domain name. I like to use Namecheap, but there are a million domain registrars, pick your favorite.
Go download PuTTY if you don’t have it already.
Next, pop over to DigitalOcean. They have a great guide for setting up WordPress on one of their droplets (and a lot of other stuff): https://www.digitalocean.com/community/tutorials/how-to-use-the-wordpress-one-click-install-on-digitalocean. I generally start with the cheapest droplet and will move up from there if necessary.
When you get to the bottom of the page, there’s a section marked “Add your SSH keys”, which you want to do now because it will save you more confusion later. Open up PuTTYgen (which is a separate program from PuTTY, but was installed with it), and generate a key (you should be able to leave the default parameters, they should be RSA and 2048 bits). You will need to save the public key onto the server and keep the private key for logging in.
At some point in here, point the nameservers to the right place. DigitalOcean has a guide here: https://www.digitalocean.com/community/tutorials/an-introduction-to-digitalocean-dns but for Namecheap domains you can just go change the nameservers to “ns1.digitalocean.com”, “ns2…” and “ns3…”.
When you go to log in with PuTTY as shown later in the instructions, you need to use that key. They’ve also written a guide for that: https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh
Don’t forget to save the login settings in PuTTY.
While you’re SSHed into the server, follow these instructions to setup an SSL certificate on your server: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
Now your server should be running WordPress and you should have a valid SSL certificate. Go make a login for your site. Note: do not use “admin” — this is a potential attack vector; I strongly suggest using a password vault in general in your life, and in particular using a random character name and password for the site. Remember that anyone who has this login has access to all the data on the site, including the database.
Go to settings, and change the “WordPress address” and “Site address” to the url you got the SSL certificate for. Note that it must much exactly — if you got “xyz.com” you should put in “https://xyz.com”, not “https://www.xyz.com”.
The next step is to add plugins. I am not a guru of WP plugins by any means, but I like:
- Obviously, WooCommerce. Without this, it’s not a WooCommerce site.
- WooCommerce Services — supports other plugins.
- WooCommerce PDF Invoices and Packing Slips
- WooCommerce Stripe Gateway
- WooCommerce PayPal Express Checkout Gateway
- UPS (BASIC) WooCommerce shipping
- Really Simple SSL
- Jetpack by WordPress.com
- Backup WordPress
- All In One SEO Pack
You’re ready to go — setup products, fine tune your marketing, make whatever custom pages you want.