How to Install WordPress on Microsoft Azure
Cloud hosting is a newer type of hosting that is highly-scalable and more reliable than regular hosting. It is mostly intended for large businesses or websites with a huge amount of traffic. However, you should also consider it if you are expecting a large influx of traffic to your website(s), and especially if that traffic will be coming in spikes. But, with a lot of cloud hosting providers available, it might be difficult choosing the right one for your needs.
In this article, we will discuss why you should consider Microsoft Azure to be your cloud hosting provider. Apart from that, we will cover in minute detail how you can install WordPress on Microsoft Azure. Our instructions will also include steps you should take after the WordPress website has been deployed. These are intended to give you a headstart in finishing it quickly and getting your site out there as soon as possible. Without further ado, let us proceed, and if you wish to skip ahead to any part of this article, you can do so using the links below:
With cloud hosting, your website is hosted across multiple servers. This has two important advantages. One is the ability to dynamically scale server resources according to the current traffic influx on your website, and the other is the constant availability of your website (or as close to it as possible). More precisely, since your website is hosted across multiple servers, in case one goes down, you will get served through a different server that is a part of the same infrastructure. Those are the general benefits of cloud hosting, and they hold true for Azure as well. But, Microsoft Azure, as one of the most popular cloud hosting services, comes with its own unique set of pros and cons.
Microsoft Azure has a great security system for preventing data loss, so you can be confident that your site is in safe hands. It also offers compatibility with other apps within the Microsoft family. Thanks to a wide range of pricing tiers, it can be very cost-effective for larger businesses to store their websites on Azure. And, depending on the plan, you can get access to cloud environment apps such as analytics tools, monitoring, backups, CDN, and other functionalities.
However, to take advantage of Azure’s capabilities, you will need to know how to manage it properly and, ideally, have prior expertise in using Azure app services. This is because the documentation isn’t beginner-friendly and, thanks to the many available options, it can be quite overwhelming. Also, depending on your region, you might need to opt for a different cloud hosting provider to avoid website speed issues.
Now that you’ve gotten to know some of the pros and cons of cloud hosting in general and Microsoft Azure in particular, let’s see how you can install WordPress on Azure.
First, you would need to navigate to Microsoft Azure to create a free account. New accounts are, by default, free and include the use of free Azure services for up to 12 months and $200 credit for exploring paid Azure services, but that lasts only 30 days. The account verification requires you to leave both a phone and a credit card number, but there are no added costs for verifying the account.
After you successfully create your account, you will be prompted to navigate to the Portal. Alternatively, you can click on the Portal link after signing in with your account credentials.
This will place you within the main dashboard. Then, click on the Create a resource link from the Azure services section.
From there, you can click on the See all link to see all the services available on the Azure Marketplace.
Search the Marketplace for WordPress and then select the result that is simply named WordPress.
In the following window, press the Create button.
Then, fill out all the requested information in the form that is shown. That includes inserting an app name—this will form the base of your site URL, so think it through. And you will also need to add a resource group and choose a location closest to your target audience. You can leave the default values for the following options: subscription, database provider, and application insights. Afterward, click on the Database field to adjust all the database-related options.
In the following screen, you’ll need to decide on your server name, database admin username and password, and database name, and choose the MySQL version and pricing tier. For this article, we have left those two with their default values. However, you should change them according to your needs. Also, make sure to remember your database username and password, as you will need it later. Then, press the OK button.
In doing so, you will be returned to the previous screen. Press the Create button at the bottom to start the deployment of your resource group.
You might have to wait a few minutes for the deployment to finish. Just be patient and keep track of the progress by clicking on the bell icon within your main dashboard. After the resource group has been deployed, you can access it by clicking on the Go to resource button.
Locate the URL of your website and click on it.
The link will open in a new tab, starting the regular WordPress installation on your website. Choose your language and press the Continue button. For this tutorial, we will stick with English as the default value.
Insert your site title, login username and password, and email. Then press the Install WordPress button. Make sure to save the username and password, so that you can log in to your website later. If necessary, you can choose to tick the checkbox next to the Search Engine Visibility to discourage the indexing of your website while you prepare it. We have opted not to do so.
Afterward, you will see a success message stating that WordPress has been installed on your website. Press the Log In button to log in to your website.
Then, insert your WordPress login username and password and press the Log In button below.
With that, you have successfully installed WordPress on Microsoft Azure. Your new site will have some default themes and plugins installed, and you can decide whether to use them or not.
Although you have an Azure WordPress website now, there are still some additional steps you should take. These will help you with things like your site visibility and we will be covering them in the following section.
The additional steps we suggest doing after your WordPress website has been created on Azure are to map your service with a domain name and to configure the SSL. Unlike some of the other cloud hosting solutions, the process of assigning a static IP address to your app service isn’t needed. With Azure, your app service will already have an assigned static IP address.
However, there is a prerequisite to doing the two steps we mentioned. That is to scale up your app service plan or, more precisely, your pricing tier. You’ll have to change to one of the non-free pricing tiers if you have been using a free tier previously. Currently, it means switching to D1, B1, B2, B3, or any of the Production category tiers. Once you’ve done so, proceed to our instruction below.
Mapping your app service to a domain name
Even though you have already created a WordPress website, your users might have a hard time finding it. That’s because the only way of finding it is to type in the site’s exact IP address in the address bar of a browser. Since IP addresses are hard to memorize, one of the first steps after creating a WordPress website on Microsoft Azure is to map a domain name to it. A domain name will serve as the name of your website, so make sure to choose a name your visitors can easily remember and that is closely tied to a brand you are trying to create or have already created. A good domain name will attract additional visitors while providing credibility to your website. Furthermore, if you choose to change your hosting, the effort you put into building a brand won’t be lost as long as you save your domain name.
To acquire a domain name, you would need to purchase it from a domain name provider, i.e. domain registrar. There are a lot of domain registrars currently Domain.com, Namecheap, GoDaddy, Register.com, Bluehost are only some of them. As domain names have to be unique, you will need to spend some time finding the most appropriate name for your website, and making sure it’s not already taken. If you need any help with that, you can learn more about domain names before picking one.
After you buy your domain name, you will need to map it to your current app service. We will discuss how you can do so below.
From the Azure main dashboard, click on the All resources link from the left side menu.
From the list of all your current resources, click on the app service to which you wish to map the domain name.
Then, click on the Custom domains link on the left.
After the page loads, find the Custom Domain Verification ID and press the copy icon next to it. Ideally, store it somewhere that you can easily copy and paste from later.
While on the same page, click on the Add custom domain link.
In the popup window that opens on the right, insert the domain name you previously bought and press the Validate button.
Then, click on the Validate button once more, in the following window. If you get the error that your domain ownership isn’t verified, don’t worry. It can be easily fixed by adding two recordsets with the configuration mentioned in the error message.
Therefore, open a new browser tab and connect to your domain registrar’s account. It is important not to close the tabs, as they are both used for mapping the domain name. We are going to use the previously copied ID to add two additional DNS records to the set of existing DNS records our purchased domain has. The steps for adding those records might differ slightly based on which domain registrar you are using. In our case, that is Namecheap, so we will show you which steps you need to take with it.
After logging in, click on the Domain List link, locate the purchased domain name and click on the Manage button next to it.
Then press the Advanced DNS tab and click the Add new record link.
For the first record, choose A as the type, insert @ as host, and input your IP address as the value. Afterward, choose the TTL you want (we put 5 min) and press the Save icon next to the record.
For the second record, choose the TXT type, insert asuid as the host, and input the previously copied ID as the value. Set a TTL of your choosing and save the DNS record, afterward.
Then, you will have to wait a bit for the DNS records to propagate. You can check the status of your DNS records using a DNS lookup tool like Dig web interface. You can also check by navigating to the previous tab and pressing the Validate button once more. Once the domain ownership error has gone, press the Add custom domain button.
Afterward, you should see a new domain added to your list of custom domains. If you aren’t able to see it right away, press the Refresh option at the top.
Then, try visiting your website by typing the domain name in the address bar of your browser. This lets you check whether the domain name was properly mapped to your app service, i.e. your website. Generally speaking, DNS records take up to 48 hours to propagate, but we were able to access our domain after only a couple of minutes.
Configuring an SSL certificate
SSL (Secure Sockets Layer) is a security protocol for encrypting sensitive information that users share on your website (for example passwords or credit card information). The encryption prevents hackers from intercepting the data while it is being transmitted and taking advantage of it. Additionally, an SSL certificate guarantees the ownership of your website, which, in turn, instills more trust in you and your brand. For both those reasons, eCommerce websites need to have an SSL certificate, while it is highly encouraged for all other websites.
Currently, the latest version of this security protocol is called TLS (Transport Layer Security). But, as the name SSL was quite popular, it stayed to this day and this protocol is referred to as TLS/SSL (or SSL/TLS). As such, to make sure your website is secure, you would need to create a TLS/SSL certificate, which can be either free or paid.
There are two types of paid Azure SSL certificates—Standard and Wild Card. Both are managed by Azure, so your involvement can be minimal beyond filling in some information. They also last for a year and have an auto-renewal option. However, the Standard SSL certificate covers only the naked domain, so if you opt to use it you’ll need to create App Service Managed Certificates for each of your non-naked domains (subdomains). On the other hand, the Wild Card certificate will cover all your naked and non-naked domains.
The annual price for the Standard certificate is $69.99 and it’s $299.99 for the Wild Card certificate. Once you decide which one suits your needs, you can order it on the App Service Certificate page.
Azure also allows the use of free SSL certificates, though with some limitations. Please note, using the Managed Certificate option to create a free SSL certificate for your main domain is not possible on Azure. But, you can use it to secure your subdomains. Also, by default, free SSL certificates last 90 days after which you need to renew them.
However, if you’re trying out Azure before deciding to commit, there is a workaround you can use. This way, you don’t have to invest in an annual certificate before being sure you’ll stay with Azure. In the following section, we’re going to share the workaround we found for using free SSL certificates for both your naked and non-naked domains.
To create a TLS/SSL certificate, open your app service once more, and click the TLS/SSL settings link from the left side menu.
Afterward, access the Private Key Certificates(.pfx) tab. There, you will see the Create App Service Managed Certificate button.
Pressing it, you will get the following error stating that the managed SSL certificates are only enabled for subdomains.
As our goal for this article is to secure both the non-www and www versions of our site, we will show you how to create a free SSL certificate using ZeroSSL as a third-party service. Their certificates cover both the non-www and www site versions. Then, we will upload the SSL certificate to TLS/SSL settings and properly bind it to both custom domains for it to work properly.
To clarify, using ZeroSSL you can create both free and paid TLS/SSL certificates that are certified by trustworthy third-party organizations called certificate authorities. The procedure of creating a certificate is quite straightforward, but the free certificates last 90 days and you can have up to three at the same time. With that being said, let us proceed with the TLS/SSL certificate configuration.
To start with, we will add the www. subdomain. That’s done by navigating to the Custom domains link while your current app service is selected. Then, on the page that opens, click on the Add custom domain button.
In the popup window that opens on the right, insert your www. subdomain and press the Validate button.
If you get the domain ownership error, as was the case for us, you will need to add two additional records to your domain registrar’s account. You’ll use the information stated in the error message to create the records. We suggest doing so in a separate tab and keeping the current tab open.
Once again, these steps might differ slightly, based on which registrar you are using. Within Namecheap, you should navigate to the Domain List, locate the chosen domain name, and click on the Manage button next to it.
Then, add two new records, one at a time, by clicking on the Add new record link below the record list. For the first record, set it to the CNAME type, insert www as the host, and set appservice.azurewebsites.net as the value. Make sure to replace the appservice part with the actual name of your app service. Then, choose the TTL (for example, 5 min) and press the small Save link to save that record.
For the second record, set the type to TXT, insert asuid.www as the host, and add your custom domain verification ID, which you previously stored, as the value. Insert the TTL and press the Save link next to it, as well.
After that, you would need to wait until the records are propagated. You can check the status of your DNS records using a DNS lookup tool or by navigating to the previous tab and pressing the Validate button. Once the domain ownership error is gone, press the Add custom domain button, to add the www. subdomain.
Afterward, you will see your newly created subdomain within the list of your custom domains. Consider refreshing the list, if you are still unable to see the subdomain after completing all the steps.
Once you’ve done so, navigate to ZeroSSL. Insert your domain name in the input field at the top and press the Next Step button. As noted on the screenshot, after inserting the domain name, both versions of your site will be selected.
If you don’t have a ZeroSSL account already, you would need to create one in the following step. You only need to add your email and password, after which you can just press the Next Step button to continue. If you already have an account, you can press the Log in instead link above the form. Then, you would need to insert your credentials in the following substep to log in and be able to continue.
Afterward, press the New Certificate button to start creating the certificate.
On the following page, insert your domain name and press the Next Step button. You should be able to see a notice on the screen showing that the www version of the website will be covered with the same certificate.
Then, click on the radio button next to the 90-Day Certificate option. This is the default duration of a free SSL certificate. And press the Next Step button.
In the following step, make sure that the radio button Auto-Generate CSR is toggled on, and press the Next Step button. If you wish, you can toggle it off and manually insert the contact information and CSR.
Afterward, make sure that the Free plan is selected and press the Next Step button below.
After that, you will need to wait for a bit while the certificate is being created. As soon as that’s done, you will see a success message and you will be offered a method of owner verification. Choose the method that suits you most and proceed to verify the domain name ownership. Press the Next Step to proceed to the verification steps.
In our case, we have chosen DNS (CNAME). This requires us to add a CNAME record in our domain registrar’s account. The following information is included with your new certificate: an alphanumeric name ending with a dot and followed by our domain name. From that name, you only need to insert the first (alphanumeric) part when creating a new DNS record. Following that, you will see a long Point To link, which you should use to just copy and paste into your new record. Finally, the TTL setting should be 3600 (or lower). We will use 300 (seconds), i.e. 5 minutes. All of this is noted in the screenshot above.
To create that new record, log in to your domain registrar’s account, find your current domain name and click to edit it. We advise doing so in a separate tab so that you can easily switch back and forth to copy and paste the information you need. As the process of adding DNS records differs based on your domain registrar, we will explain how it is done within our domain registrar, Namecheap. You can always examine the documentation of your domain registrar, or ask them for help with performing the equivalent steps.
Within Namecheap, you would need to click on the Advanced DNS tab of your domain name. Then, scroll down to the list of domains, click on the Add new record button, and insert the following information. First, choose the CNAME record, insert the alphanumerical name (not including the part with .domainname.com) as the host, and set the whole alphanumeric label as the value within Point to. Then, choose the TTL of 5 minutes, for example, and press the small Save icon next to the record.
Afterward, you will need to wait for the DNS record to propagate. Meanwhile, you should return to the previous tab and press the Next step button after creating the DNS record.
In the following window, press the Verify Domain button.
If everything was done properly and the DNS record has propagated, you will be able to see a success message shortly after. Then, you only need to wait a bit more until the SSL certificate is issued.
Afterward, you will see another success message confirming that your certificate has been issued. To download it, press the Download Certificate (.zip) button below. Then, press the Next Step button to proceed.
By pressing the download button, you will download the your-domain-name.zip file, where the your-domain-name will be your actual domain name. This zip file will contain three other files – ca_bundle.crt, certificate.crt, and private.key. Extract the zipped folder onto your computer in a location that you can easily access. Make sure to keep track of where you extracted the files, as two of them – certificate.crt and private.key will be needed for future steps.
Generally, after creating the SSL certificate, we would only need to upload it to the TLS/SSL settings within Azure and adjust some of the settings for it to work. However, as the upload certificate feature within Azure only accepts .pfx files as a valid file format, we need to find a way to create a .pfx file using our current certificate files. Luckily, there are SSL converters online, to help us manage this.
Navigate to an SSL converter website to create the .pfx certificate.
Set the type of the current certificate to Standard PEM and choose PFX/PKCS#12 as the type to convert to. Then select the appropriate files as the certificate file and private key file. This is done by pressing the Choose File button, which will open a file dialog window. The files that you should select are certificate.crt and private.key that you previously stored on your computer. Choose a PFX password and press the Convert Certificate button. Make sure to remember the PFX password, as it will be necessary for uploading the .pfx certificate. After pressing the Convert Certificate button, you will download the certificate.pfx file. It will most likely be saved in your Downloads folder, unless you set your browser to save files elsewhere.
After you download the .pfx file, you will need to upload it to Azure’s TLS/SSL settings. To do that, navigate to the TLS/SSL settings of your current app service, click on the Private Key Certificate (.pfx) tab, and press the Upload Certificate button.
A popup window will appear on the right. Clicking the folder icon will bring up a file dialog, from which you should select the certificate.pfx file you previously downloaded. Then, insert the PFX password and press the Upload button.
After a short while, you will see a success notification, stating that your certificate was successfully uploaded.
Having uploaded the certificate, the following step is to bind that certificate with your non-www and www domains.
To that, navigate to the Custom domains section of your current app service, locate your non-www domain, and press the Add binding link next to it.
In the popup window that opens on the right, select your non-www domain as the custom domain. Then choose the SSL certificate that covers both the non-www and www version of your website and set SNI SSL as the SSL type. Then, press the Add binding button to assign the SSL certificate to your non-www domain.
To clarify, SNI SSL stands for Server Name Indication and is an extension of the TLS protocol. It allows you to bind your SSL certificate to a domain name, as opposed to an IP address. Thanks to this, you can have multiple certificates for multiple custom domains tied to a single IP address. With that being said, let us proceed further with the configuration.
As with previous steps, you will receive a success notification confirming that the step was completed.
Afterward, proceed the same for the www. subdomain. The only difference between this and the previous step is that you will need to choose the www version as the custom domain.
After you bind the SSL certificate to both your non-www and www domain, you only need to toggle on the HTTPS Only option. As your website is publicly accessed by all users, this option ensures that the insecure HTTP requests are redirected to an HTTPS port.
With that being said, you will need to access your website to verify that the SSL certificate was properly set. Make sure to clear the browser cache to ensure that you are viewing the latest version of your website. You will know that your website is secure if you see a padlock icon before the website URL and if the URL is preceded with https:// for both your non-www domain and www. subdomain.
Final Thoughts
In this article, we touched on some aspects of cloud hosting in general and considered the use of Microsoft Azure app services in particular. For users that opt to host their site on Microsoft Azure, we included comprehensive instructions on how to install a WordPress website on this cloud. Besides that, we made sure to explain all the important steps you should take after your website is created, and why you should take them. Finally, as making the best of all cloud hosting features requires quite a bit of tech-savviness, we suggest going through Microsoft Azure’s documentation in detail to learn the ins and outs of cloud hosting management.