InitOps – Automatically Deploy LEMP Stack and WordPress on Ubuntu with a Single Command

With a single command, the system automatically installs Nginx, MariaDB, PHP 8.3, Redis, Iptables Firewall, Fail2Ban, Certbot SSL, WordPress, and applies performance-tuned configurations matched to your VPS resources.

Installing InitOps

Log in to your Ubuntu VPS as root:

ssh root@your-server-ip

Then run the one-line installer:

curl -sSL https://inithtml.com/initops/install.sh | bash

Within minutes, a fully optimized, production-ready environment will be up and running for your project.

Reopen the Menu Anytime

One of InitOps’ standout features is that it registers itself as a system command during installation. You never need to dig up or re-run the long curl command again.

Whenever you need to reopen the configuration menu, check system info, or re-apply optimizations after a VPS upgrade, just type the following from any directory in your terminal:

initops

After opening the menu, you can quickly access several built-in system management tools such as:

• Re-apply Performance Optimizations to retune the entire stack after upgrading your VPS resources.
• Help & Tuning Paths to quickly locate important system configuration files.
• Change Domain & Renew SSL to migrate domains and reissue SSL certificates automatically.
• Backup WordPress Database to create fast database backups directly from the server.

Version Info

• Version: 1.3.0
• Updated: 2026-05-29

What Does InitOps Install?

• Nginx Web Server: Latest version, tuned to handle high concurrency without bottlenecks.
• MariaDB Database Server: A powerful, secure database management system.
• PHP 8.3 FPM: The latest PHP release for maximum WordPress processing performance.
• Redis Server: Configured to communicate via Unix Socket for ultra-low latency.
• Fail2Ban: Monitors logs and automatically blocks brute-force SSH login attempts.
• WordPress Core: The latest official release from WordPress.org.
• Certbot & Python3-Certbot-Nginx: Tools for issuing and managing free SSL certificates from Let’s Encrypt.
• Iptables & Iptables-Persistent: A firewall system that persists rules across reboots.
• Essential PHP Extensions: A full set of required libraries including redis, imagick, mbstring, gd, curl, zip, and more.

Automatic Performance Tuning (Smart Hardware Tuning)

InitOps detects the actual CPU core count and RAM of your server and applies a dedicated optimization profile matched to the most common VPS tiers:

• Micro (under 1.5 GB RAM)
• Small (1.5 – 3.5 GB RAM)
• Standard (3.5 – 6 GB RAM | e.g. 4 GB VPS)
• Medium (6 – 14 GB RAM | e.g. 8/12 GB VPS)
• Large (14 – 24 GB RAM | e.g. 16 GB VPS)
• XLarge (24 GB RAM and above | e.g. 32 GB+ Dedicated)

Each profile is independently tuned across the full stack:

• Nginx: Optimizes worker count, buffer sizes, keepalive requests, and open file cache for better load handling.
• PHP-FPM: Automatically calculates the Process Manager settings (max_children, start_servers, min/max_spare_servers) to fully utilize available RAM without risking OOM crashes.
• MariaDB: Configures the InnoDB Buffer Pool to consume ~45% of RAM, and tunes log file size and thread cache for fast query execution.
• Redis Cache Memory: Sets an appropriate memory cap per profile and enables smart eviction (allkeys-lru) to keep cache usage under control.

Note: OPcache is intentionally not configured by InitOps — you remain in full control of it and can set it up to match your project’s needs without worrying about it being overwritten when re-applying optimizations.

Redis Object Cache via Unix Socket

Instead of the default TCP connection (127.0.0.1:6379), InitOps configures Redis to communicate with PHP over a Unix Socket (unix:///var/run/redis/redis.sock). This eliminates internal network overhead entirely, significantly reducing database response time for WordPress.

Tip: Once installation is complete, simply go to your WordPress admin, install the Redis Object Cache plugin, and click Enable — the system will automatically detect the pre-configured socket.

System Cron Replaces WP-Cron

By default, WordPress relies on WP-Cron — background tasks like sending emails, checking for updates, and emptying trash are only triggered when someone visits the site. This is both unreliable and wastes resources on every pageview.

InitOps solves this properly by:

• Disabling the internal WP-Cron mechanism (DISABLE_WP_CRON = true) in wp-config.php.
• Setting up a System Cron job under the www-data user, firing exactly once per minute via WP-CLI.
• Using flock -n to ensure that if a previous run hasn’t finished, the next one is automatically skipped — preventing overlapping cron processes, which is especially important on larger sites with heavy background tasks.

Full Compatibility with Caching & Security Plugins

Leading optimization and security plugins such as W3 Total Cache, WP Rocket, iThemes Security (Solid Security), and others often need to write custom Nginx rules to a nginx.conf file in the website root.

InitOps handles this out of the box by pre-creating a secure placeholder file and embedding include /var/www/html/nginx.conf; directly into the Nginx vhost configuration. Plugins can write their rules seamlessly without causing Nginx crashes or server instability.

Deep Security Configured Out of the Box

The highest production security standards are applied automatically:

• Firewall & Brute Force Protection: Iptables blocks all unexpected ports, leaving only 22, 80, and 443 open. Fail2Ban instantly bans any IP that fails SSH login more than 5 times.
• System Fingerprint Hiding: PHP version (expose_php = Off) and Nginx version (server_tokens off) are hidden from public responses.
• Directory Protection: Direct access and unauthorized PHP execution inside sensitive directories like /wp-content/uploads/ are blocked.
• Core File Lockdown: External access to wp-config.php and hidden system files like .git and .htaccess is denied.
• Basic DDoS Mitigation: xmlrpc.php is disabled by default to protect against Brute Force Amplification attacks.
• Standardized Permissions: Directory (755), file (644), and wp-config.php (640) permissions are strictly enforced.

OS Compatibility Check

Before taking any action, InitOps automatically verifies that the environment is running Ubuntu 24.04 LTS. If an incompatible OS is detected, the script halts immediately with a clear message — preventing any partial installation that could break the system.

Simple Setup Process

When the script starts, InitOps prompts you for a few basic parameters:

1. Domain name: Enter your domain (or press Enter to skip and use the server’s public IP directly).
2. Database name.
3. WordPress table prefix — changing this from the default improves protection against SQL Injection attacks.

Note: The database username and password are automatically generated using a cryptographic library, ensuring they are unique and impossible to guess through pattern analysis.

Post-Deployment Summary

Once deployment completes successfully, the console displays a full summary including:

• Database credentials (Name, User, Password, Prefix).
• Web root path (/var/www/html).
• SSL activation command: Make sure your domain is pointed to the server’s IP, then run:

  certbot --nginx -d domain.com

Important: Save your database credentials somewhere safe — they will not be displayed again for security reasons.

Automatic Domain Change & SSL Renewal

InitOps allows you to change your WordPress domain directly from the integrated management menu without manually editing the database or Nginx configuration files.

The system automatically:

• Updates the Nginx Vhost configuration.
• Runs Certbot to issue a new SSL certificate.
• Performs a full database Search & Replace using WP-CLI.
• Updates both siteurl and home values.
• Flushes Redis Object Cache to prevent cache-related migration issues.

The entire process is validated before any service reload occurs, helping ensure maximum stability during domain migration.

Automatic WordPress Database Backup

InitOps includes a built-in WordPress database backup utility powered directly by WP-CLI, reducing the need for heavy backup plugins inside WordPress.

The backup process automatically:

• Compresses backup files using gzip to save disk space.
• Automatically removes the raw .sql file after compression.
• Generates filenames using the domain name and timestamp for easier management.
• Automatically cleans up old backups to help prevent VPS disk exhaustion.

Backup files are stored at:

/var/backups/wordpress

System Requirements

• Ubuntu Server 24.04 LTS.
• Root access.
• A clean VPS or Dedicated Server (fresh OS — no existing web server or control panel installed).
• Stable internet connection.

Conclusion

InitOps streamlines and professionalizes the entire WordPress deployment process on Ubuntu. By automating everything from package installation and firewall setup to Fail2Ban integration, reliable System Cron configuration, and hardware-aware performance tuning, InitOps delivers a high-performance, secure WordPress server without requiring deep DevOps expertise.

Quick Install Command

curl -sSL https://inithtml.com/initops/install.sh | bash