# Installing WordPress High Availability using Cloud Apps

In this tutorial, you will install and configure [WordPress](https://wordpress.org/), a content management system equally suitable for personal blogs and large-scale media and commercial projects. You will deploy [Cloud Apps](../../cloud-apps/index.md) on a virtual machine with all required resources autoconfigured, including a [Yandex Managed Service for MySQL®](../../managed-mysql/index.md) database, a web server, and [Yandex Cloud Postbox](../../postbox/index.md) integration.

To install WordPress:

1. [Get your cloud ready](#before-you-begin).
1. [Create a VPC network and subnets](#create-network).
1. [Configure a DNS zone](#configure-dns).
1. [Create Yandex Lockbox secrets](#create-secret).
1. [Install WordPress using Cloud Apps](#install-wordpress).
1. [Configure WordPress](#configure-wordpress).
1. [Check the result](#check-result).

If you no longer need the resources you created, [delete them](#clear-out).


## Get your cloud ready {#before-you-begin}

Sign up for Yandex Cloud and create a [billing account](../../billing/concepts/billing-account.md):
1. Navigate to the [management console](https://console.yandex.cloud) and log in to Yandex Cloud or create a new account.
1. On the **[Yandex Cloud Billing](https://center.yandex.cloud/billing/accounts)** page, make sure you have a billing account linked and it has the `ACTIVE` or `TRIAL_ACTIVE` [status](../../billing/concepts/billing-account-statuses.md). If you do not have a billing account, [create one](../../billing/quickstart/index.md) and [link](../../billing/operations/pin-cloud.md) a cloud to it.

If you have an active billing account, you can create or select a [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) for your infrastructure on the [cloud page](https://console.yandex.cloud/cloud).

[Learn more about clouds and folders here](../../resource-manager/concepts/resources-hierarchy.md).


### Required paid resources {#paid-resources}

The cost of support for the new infrastructure includes:

* Fee for VM usage and data storage on disk (see [Yandex Compute Cloud pricing](../../compute/pricing.md)).
* Fee for public DNS zone usage and public DNS requests (see [Yandex Cloud DNS pricing](../../dns/pricing.md)).
* Fee for computing resources allocated to hosts, storage and backup size (see [Yandex Managed Service for MySQL® pricing](../../managed-mysql/pricing.md)).
* Fee for using a bucket to store media files (see [Yandex Object Storage pricing](../../storage/pricing.md)).
* Fee for storage of and operations with secrets (see [Yandex Lockbox pricing](../../lockbox/pricing.md)).
* Fee for outgoing emails (see [Yandex Cloud Postbox pricing](../../postbox/pricing.md)).


## Create a VPC network and subnets {#create-network}

Create a [cloud network](../../vpc/concepts/network.md) and [subnets](../../vpc/concepts/network.md#subnet) to deploy your resources in.

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), navigate to the folder where you want to deploy your infrastructure.
  1. Navigate to **Virtual Private Cloud**.
  1. In the top-right corner, click **Create network**.
  1. In the **Name** field, enter a name for the network. The naming requirements are as follows:

      * Length: between 3 and 63 characters.
      * It can only contain lowercase Latin letters, numbers, and hyphens.
      * It must start with a letter and cannot end with a hyphen.
  
  1. Keep **Create subnets** enabled.
  1. Click **Create network**.

- Yandex Cloud CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. Create a cloud network in the default folder:

      ```
      yc vpc network create --name wordpress-network
      ```

  1. Get the list of the cloud networks in the folder:

      ```
      yc vpc network list --folder-id b1g6ci08ma55********
      ```

      Result:

      ```
      +----------------------+-------------------+
      |          ID          |      NAME         |
      +----------------------+-------------------+
      | enpavfmgapum******** | wordpress-network |
      | enplom7a98s1******** | default           |
      +----------------------+-------------------+
      ```

  1. Select `NAME` or `ID` of the cloud network you need. Create a subnet in the `ru-central1-a` availability zone:

      ```
      yc vpc subnet create \
        --network-id enpavfmgapum******** \
        --zone ru-central1-a \
        --range 192.168.0.0/24
      ```

      Where:

      * `--network-id`: Cloud network ID. When creating a subnet, specify the cloud network for the subnet and CIDR.
      * `--zone`: Subnet availability zone.
      * `--range`: List of internal IPv4 addresses specified for this subnet, such as `10.0.0.0/22` or `192.168.0.0/16`. Make sure the addresses are unique within the network. The minimum subnet size is /28, and the maximum subnet size is /16. Only IPv4 is supported.

      The subnet naming requirements are as follows:

      * Length: between 3 and 63 characters.
      * It can only contain lowercase Latin letters, numbers, and hyphens.
      * It must start with a letter and cannot end with a hyphen.

  1. Similarly, create a subnet in the `ru-central1-d` availability zone.

- API {#api}

  To create a cloud network, use the [create](../../vpc/api-ref/Network/create.md) REST API method for the [Network](../../vpc/api-ref/Network/index.md) resource or the [NetworkService/Create](../../vpc/api-ref/grpc/Network/create.md) gRPC API call and provide the ID of the folder to host the new network in the `folderId` parameter of your request:

  To learn how to find out the folder ID, see [Getting the folder ID](../../resource-manager/operations/folder/get-id.md).

  To create subnets in the `ru-central1-a` and `ru-central1-d` availability zones, use the [create](../../vpc/api-ref/Subnet/create.md) REST API method for the [Subnet](../../vpc/api-ref/Subnet/index.md) resource or the [SubnetService/Create](../../vpc/api-ref/grpc/Subnet/create.md) gRPC API call, and provide the following in your request:

  * ID of the folder the subnet will reside in, in the `folderId` parameter.
  * ID of the network the subnet will be placed in, in the `networkId` parameter.
  * ID of the availability zone the subnet will be placed in, in the `zoneId` parameter.
  * List of internal IPv4 addresses specified for this subnet, in the `v4CidrBlocks[]` array, e.g., `10.0.0.0/22` or `192.168.0.0/16`. Make sure the addresses are unique within the network. The minimum subnet size is `/28`, while the maximum subnet size is `/16`. Only IPv4 is supported.

  To get the subnet ID, use the [list](../../vpc/api-ref/Subnet/list.md) REST API method for the [Subnet](../../vpc/api-ref/Subnet/index.md) resource or the [SubnetService/List](../../vpc/api-ref/grpc/Subnet/list.md) gRPC API call and provide the folder ID in the `folderId` request parameter.

{% endlist %}


## Configure a DNS zone {#configure-dns}

Create a [public DNS zone](../../dns/concepts/dns-zone.md#public-zones) and delegate your domain to it. For more about delegating domains, see [this guide](../../troubleshooting/dns/how-to/delegate-public-zone.md). This DNS zone will host the WordPress domains.

{% list tabs group=instructions %}

- Management console {#console}

  1. Navigate to **Cloud DNS**.
  1. Click **Create zone**.
  1. Specify the DNS zone settings:
     * **Zone**: Specify your registered domain with a trailing dot, e.g., `example.com.`.
     * **Type**: Select `Public`.
     * **Name**: Enter a name for the zone, e.g., `example-zone`.
  1. Click **Create**.

  1. Delegate your domain to Yandex Cloud servers. Do it by specifying the addresses of the `ns1.yandexcloud.net` and `ns2.yandexcloud.net` DNS servers in your domain registrar's account.

     Delegation does not take effect immediately. It usually takes up to 24 hours for internet service providers to update records. You can check domain delegation using [Whois](https://www.reg.ru/whois/check_site) or the `dig` utility:

     ```bash
     dig +short NS example.com
     ```

     Result:

     ```text
     ns2.yandexcloud.net.
     ns1.yandexcloud.net.
     ```

- Yandex Cloud CLI {#cli}

  1. Create a public DNS zone:

     ```bash
     yc dns zone create \
       --name example-zone \
       --zone example.com. \
       --public-visibility
     ```

     Where `--zone` is your domain's name, e.g., `example.com.`. The `--zone` parameter value must end with a trailing dot.

     Result:

     ```text
     id: dns39gihj0ef********
     folder_id: b1g681qpemb4********
     created_at: "2024-09-09T15:23:34.919887Z"
     name: example-zone
     zone: example.com.
     public_visibility: {}
     ```

     For more information about the `yc dns zone create` command, see the [CLI reference](../../cli/cli-ref/dns/cli-ref/zone/create.md).

  1. Delegate your domain to Yandex Cloud servers. Do it by specifying the addresses of the `ns1.yandexcloud.net` and `ns2.yandexcloud.net` DNS servers in your domain registrar's account.

     Delegation does not take effect immediately. Internet provider servers update records within 24 hours.

- API {#api}

  To create a public DNS zone, use the [create](../../dns/api-ref/DnsZone/create.md) REST API method for the [DnsZone](../../dns/api-ref/DnsZone/index.md) resource or the [DnsZoneService/Create](../../dns/api-ref/grpc/DnsZone/create.md) gRPC API call.

  Delegate your domain to Yandex Cloud servers. Do it by specifying the addresses of the `ns1.yandexcloud.net` and `ns2.yandexcloud.net` DNS servers in your domain registrar's account.

{% endlist %}


## Create Yandex Lockbox secrets {#create-secret}

Yandex Lockbox [secrets](../../lockbox/concepts/secret.md) will store the password of the Yandex Managed Service for MySQL® database and the WordPress admin password.

{% list tabs group=instructions %}

- Management console {#console}

  To create a secret that will store the Yandex Managed Service for MySQL® database password:

  1. Navigate to **Lockbox**.
  1. Click **Create secret**.
  1. In the **Name** field, specify the secret name: `db-password-secret`.
  1. In the **Secret type** field, select `Custom`.
  1. In the **Key** field, enter `db_password`.
  1. In the **Value** field, paste the Yandex Managed Service for MySQL® database password.
  1. Click **Create**.

  Similarly, create a secret named `wp-admin-password-secret` that will store the WordPress admin password. In the **Key** field, specify `wp_admin_password`.

- Yandex Cloud CLI {#cli}

  To create a secret that will store the Yandex Managed Service for MySQL® database password, run this command:

  ```bash
  yc lockbox secret create \
    --name db-password-secret \
    --payload "[{'key': 'db_password', 'text_value': '<password>'}]"
  ```

  Where `text_value` is the Yandex Managed Service for MySQL® database password.

  Result:

  ```text
  id: e6q0rdjdggjp********
  folder_id: b1g681qpemb4********
  created_at: "2025-07-12T18:23:49.844Z"
  name: db-password-secret
  status: ACTIVE
  current_version:
    id: e6qbp772i014********
    secret_id: e6q0rdjdggjp********
    created_at: "2025-07-12T18:23:49.844Z"
    status: ACTIVE
    payload_entry_keys:
      - db_password
  ```

  Similarly, create a secret that will store the WordPress admin password. Specify `wp_admin_password` in the `key` parameter.

- API {#api}

  To create a secret, use the [create](../../lockbox/api-ref/Secret/create.md) REST API method for the [Secret](../../lockbox/api-ref/Secret/index.md) resource or the [SecretService/Create](../../lockbox/api-ref/grpc/Secret/create.md) gRPC API call.

  Specify `db_password` in the `key` parameter for the key to contain the Yandex Managed Service for MySQL® database password. Specify `wp_admin_password` for the key to store the WordPress administrator password.

{% endlist %}

{% note info %}

Creating a secret with a WordPress admin password is not mandatory: you can omit it in the application settings; in this case, it will be created automatically with a random password when installing the application.

{% endnote %}


## Install WordPress {#install-wordpress}

Install [WordPress High Availability](https://yandex.cloud/en/marketplace/products/yc/wordpress-ha-app) using Cloud Apps:

{% list tabs group=instructions %}

- Management console {#console}

  1. Navigate to **Cloud Apps**.
  1. Click **Choose application**.
  1. Select **WordPress High Availability** and click **Use**.
  1. Configure the application:

      {% note warning %}

      Once created, the WordPress admin login cannot be edited.

      {% endnote %}

      #|
      || **Parameter** | **Required** | **Default value** | **Description** ||
      || **Name** | Yes | — | Name of your WordPress High Availability instance. ||
      || **Description** | — | — | Application instance description. ||
      || **Service account** | Yes | — | Service account with the `admin` role for the folder. To create a service account with the required permissions during app installation, select `Auto`. ||
      || **DNS zone ID** | Yes | — | ID of the DNS zone to host the application's domain. ||
      || **Site subdomain** | — | Empty | Domain for access to the main website, formed by adding a subdomain to the DNS zone domain, i.e., `site.example.com` or `example.com` if no subdomain is specified. ||
      || **Sender** | — | `noreply@<website_domain>` | Email sender. Used to set up SMTP via Yandex Cloud Postbox. ||
      || **WordPress administrator username** | — | `admin` | Username for the WordPress admin account. ||
      || **WordPress administrator email address** | Yes | — | Email address to use for creating the WordPress admin account, sending system notifications, and resetting the password. ||
      || **ID of the secret with the WordPress admin password** | — | — | ID of the `wp-admin-password-secret` secret with the WordPress administrator password you created earlier. If you do not specify a secret, it will be created automatically with a random password when installing the application. ||
      || **Subnet in ru-central1-a** | Yes | — | Subnet in the ru-central1-a availability zone for deploying a Managed Service for MySQL® cluster and VMs with a file system. ||
      || **Subnet in ru-central1-d** | Yes | — | Subnet in the ru-central1-d availability zone for deploying a Managed Service for MySQL® cluster and VMs with a file system. ||
      || **Instance group size** | — | `2` | Number of instances in the group. ||
      || **Number of vCPUs** | — | `2` | Number of vCPUs. ||
      || **RAM** | — | `2` | RAM in GB. ||
      || **Guaranteed vCPU share** | — | `100` | Guaranteed vCPU share in %. Available values: 20%, 50%, or 100%. ||
      || **Public SSH key** | — | — | The key will be added to `authorized_keys` of the WordPress user.
      We recommend specifying a public SSH key to access the VM over SSH. You will need to create a key pair for the SSH connection yourself; see [this guide](../../compute/operations/vm-connect/ssh.md#creating-ssh-keys) for details. ||
      || **File system size** | — | `100` | File system size in GB. ||
      || **ID of the secret containing the database password** | Yes | — | ID of the `db-password-secret` secret you created earlier; the secret contains the password to connect to a Managed Service for MySQL® cluster. ||
      || **Managed Service for MySQL®** cluster disk size | — | `20` | Managed Service for MySQL® cluster disk size in GB. ||
      |#

  1. Click **Install**.

     In the window that opens, you will see the resources that will be created when installing the application. As soon as all resources are created, the VM will start configuring the website, installing plugins, and issuing TLS certificates. Wait for the installation to complete. This may take five to ten minutes.

{% endlist %}

{% note info %}

Automatic installation of the app creates a Yandex Cloud Postbox [address](../../postbox/concepts/glossary.md#adress) and a DNS record for its verification.

{% endnote %}


## Configure WordPress {#configure-wordpress}

1. In your browser, open the main website address: `https://<website_domain>`, where `<website_domain>` is the main website subdomain or the DNS zone domain, if no subdomain has been provided.
1. In your browser, open the admin dashboard address: `https://<website_domain>/wp-admin`.
1. Log in to the admin dashboard using:
   * **Username**: Admin username you provided when installing the application.
   * **Password**: Admin password. If you did not specify a secret containing the admin password in the application settings, you can find the password value in the secret that was generated automatically during the installation. The secret name is `wp-admin-password-secret`.

      {% note info %}

      If you forget the password, you can recover it via the standard WordPress password reset form using the admin email address specified during installation.

      {% endnote %}

Once you log in, you will be redirected to the WordPress admin dashboard page where you can start managing your website.


## Check the result {#check-result}

Make sure WordPress is working correctly:

1. In your browser, open the main website subdomain, if specified during installation. Otherwise, open the DNS zone domain. You should see the WordPress home page.
1. Create a test post:

   1. In the admin dashboard, click **Posts** → **Add New**.
   1. Provide the post title and content.
   1. Upload an image to the post. It will be automatically saved to the Object Storage bucket.
   1. Publish the post.

1. Make sure that the post appears on the website home page.
1. Test email notifications:

   1. In the admin dashboard, go to the settings section.
   1. Try resetting the password using **Lost your password?**.
   1. Check the mailbox you specified for the password reset email.

   {% note info %}

   Integration with Yandex Cloud Postbox supports user sign-ups and password resets. Yandex Cloud Postbox does not support bulk mailing because the feature requires a special API.

   {% endnote %}

1. Check the installed plugins:

   1. In the admin dashboard, go to **Plugins**.
   1. Make sure the following plugins are installed:
      * **S3 Uploads**: For integration with **Yandex Object Storage** to store media files.
      * **WP Mail SMTP**: For integration with **Yandex Cloud Postbox** to send email notifications.

1. Open the database admin dashboard domain in your browser:

   1. Log in to the database admin dashboard.
   1. Use these credentials:
      * **Server**: `db`.
      * **Engine**: `MySQL`.
      * **Username**: `wordpress`.
      * **Password**: Database password you specified in `db-passwords-secret`.


## How to delete the resources you created {#clear-out}

To shut down the resources you created and stop paying for them:

1. Delete the Yandex Cloud Postbox address and the associated [DNS record](../../dns/operations/resource-record-delete.md). These resources are not removed automatically when you delete the application.
1. [Delete](../../storage/operations/objects/delete-all.md) all objects from the Object Storage buckets created when installing the application because non-empty buckets cannot be deleted.
1. Delete WordPress High Availability:

   1. In the [management console](https://console.yandex.cloud), select the folder the application is installed in.
   1. Navigate to **Cloud Apps**.
   1. Find WordPress High Availability in the list.
   1. Click ![image](../../_assets/console-icons/ellipsis.svg) next to the app and select **Delete**.
   1. Confirm the app deletion.

1. [Delete](../../dns/operations/zone-delete.md) the public DNS zone.
1. [Delete](../../lockbox/operations/secret-delete.md) the Yandex Lockbox secrets.
1. Delete the VPC [network](../../vpc/operations/network-delete.md) and [subnets](../../vpc/operations/subnet-delete.md).