Fact: a 0.5 second drop in page load can boost conversions by up to 20%, and many sites still leave that speed on the table.
You will get a hands-on tutorial that focuses on real-world tweaks, not vague advice. This guide shows what you need before you begin: server details, OS choices, IP and open ports, domain and database info.
We cover both a managed path with RunCloud and a full manual route so you can pick how hands-on you want to be. You’ll learn which LiteSpeed-specific settings speed a page and which defaults are safer to keep.
By the end you’ll install the CMS, secure SSL, harden file permissions, and validate performance with repeatable tests. Expect clear steps that help your website run faster and stay secure, even if you’re not a full-time sysadmin.
Key Takeaways
- Follow a practical tutorial that prioritizes real settings over theory.
- Prepare server, domain, and database details before starting.
- Choose between a managed route or a manual path based on comfort.
- Apply LiteSpeed cache and optimization settings carefully to avoid breaks.
- Validate results with repeatable performance tests and a checklist.
Why LiteSpeed for WordPress in 2025: speed, caching, and real-world gains
Real-world stress tests now put LiteSpeed ahead in requests per second and fully processed time, and that matters for busy sites. Hostinger’s benchmarks showed higher throughput and lower fully processed times when testing from Lithuania to US servers.
This translates to faster first bytes, steadier delivery under spikes, and better PageSpeed results when you pair server-level caching with the LSCache plugin. Properly configured, that combo can push PageSpeed Insights scores toward perfection on a well-built theme.
LiteSpeed vs Nginx/Apache: what stress tests and PageSpeed scores tell you
Stress tests commonly show LiteSpeed handling more requests per second and serving more megabytes per second. You’ll feel this when traffic surges or pages run intensive queries.
Enterprise vs OpenLiteSpeed: which edition fits your site
Enterprise tracks .htaccess changes without restarts, so it’s ideal for shared hosting and multiple websites. OpenLiteSpeed is open source and lighter for a single website, but it needs a restart to load new .htaccess files.
- Server-level caching reduces work for your system and speeds delivery of anonymous content.
- Event-driven architecture keeps response times low under concurrency.
- Check PHP version compatibility with your theme and plugins — version choices still matter.
Prerequisites and environment checklist before you touch the server
Start by confirming your server image, network address, and that required ports are reachable. This prevents surprises during the browser-based installer and certificate validation.
Server, OS, and network
Use a fresh Ubuntu 18.04 or 20.04 LTS x86_64 with a static public IP. Open ports 22 (SSH), 80 (HTTP), 443 (HTTPS), and 34210 for admin and validation.
Domain and DNS
Create an A record pointing your domain to the server address. Confirm DNS resolves to the new server from your local network before requesting SSL.
Database planning
Decide your database name, a dedicated database user, and a strong password. If you prefer a mysql database flavor, note host and port details.
“Have a fallback plan — provider console access can save you if SSH or firewall changes lock you out.”
- Check PHP version compatibility with your theme and plugins.
- If you will manually install openlitespeed, ensure privileged SSH access and repo availability.
- Store names and credentials in a small secure text file for quick reference during the install step.
How to set up wordpress on litespeed: quick overview
You have two clear paths to reach a fast website: a guided RunCloud install that automates the installation or a manual OpenLiteSpeed build that gives you total control.
Two paths: RunCloud one-click vs manual OpenLiteSpeed
RunCloud connects to your server, installs OpenLiteSpeed automatically, and deploys a WordPress site with LiteSpeed Cache active. It trims the installation time and handles most configuration steps for you.
Manual means you install MariaDB, add PHP extensions (lsphp), configure the External App and PHP handler, write rewrite rules, and use certbot for SSL. You control each server setting.
What you’ll configure either way
- Prepare a database and a dedicated database user.
- Install php with required extensions and map the document root and index page.
- Enable rewrite rules so permalinks work and configure server-level cache with LiteSpeed Cache.
- Request and map an SSL certificate to serve the page over HTTPS from day one.
- Upload WordPress files, set secure permissions, run the browser install, then tune cache settings and validate speed with repeatable tests.
Tip: choose speed-to-launch with RunCloud or full configuration control with manual install — both can deliver a high-performance site.
Fast-track deployment: RunCloud + OpenLiteSpeed + 1‑Click WordPress
If you want the fastest route to a live site, RunCloud’s 1‑Click deploy gets the job done in minutes. Start by connecting your server via IP in the RunCloud dashboard and choose the OpenLiteSpeed stack for best WordPress performance.
Connect your server and choose the stack
Log into RunCloud, click the get started button, and add your server address. Pick OpenLiteSpeed as the web server option and begin the installation process.
Create the Web App and admin account
Create a Web App using the 1‑Click installer. Fill in the site name, admin username and a strong password, plus a working email. Keep those credentials handy to access wp-admin later.
Enable cache, map domain, and issue SSL
Enable the LiteSpeed Cache plugin during installation so server-level caching is pre-wired. Add your domain under Web App > Domains and create an A record pointing to your server’s IP.
- Issue a free Let’s Encrypt certificate from the SSL tab — RunCloud automates verification.
- Use the dashboard for ongoing management tasks like staging, cloning, and backups.
- After install, open your site page and the admin area to confirm the installation is complete and snappy.
Note: This path gives fast installation and a clean control panel while you run a high-performance web server.
Manual path: install OpenLiteSpeed, PHP, and MariaDB the right way
For hands-on admins, installing the stack manually gives precise control over performance and security. This section lists the exact commands and configuration choices to create a reliable backend for your website.
Install and secure MariaDB, then create database and database user
Update packages first with sudo apt update. Then install MariaDB: sudo apt install mariadb-server.
Run the secure wizard: sudo mysql_secure_installation. Answer Y to remove anonymous users, disallow remote root, remove test DB, and reload privileges.
Create the mysql database and user with the following command sequence:
sudo mysql
CREATE DATABASE wordpress;
GRANT ALL ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT;Install required PHP extensions for WordPress support
Install lsphp packages needed by WordPress with this following command:
sudo apt install lsphp74-common lsphp74-curl lsphp74-imap \
lsphp74-json lsphp74-mysql lsphp74-opcache lsphp74-imagick \
lsphp74-memcached lsphp74-redisConfigure OpenLiteSpeed: External App, PHP handler, and rewrite rules
In the admin UI go to Server Configuration > External App. Create an lsphp74 app using socket uds://tmp/lshttpd/lsphp74.sock and binary $SERVER_ROOT/lsphp74/bin/lsphp.
Document root, index.php, and virtual hosts for your wordpress directory
Open Virtual Hosts > General. Set Document Root to $VH_ROOT/html/wordpress and add index.php at the front of Index Files.
In the Rewrite tab enable Rewrite and Auto Load from .htaccess, then restart the web server from the admin to apply changes.
Tip: Record each command and path so you can reproduce this configuration or troubleshoot later.
WordPress files, permissions, and the browser-based installation
Get the core files into the correct directory and apply tight permissions so the browser install runs smoothly.
Download core and secure the document directory
On the server, change to your document root and fetch the archive:
cd /usr/local/lsws/Example/html; wget https://wordpress.org/latest.tar.gz; tar xvfz latest.tar.gz
This creates the wordpress directory you mapped earlier. Next apply ownership so the web process can access the file tree:
sudo chown -R nobody:nogroup /usr/local/lsws/Example/html/wordpress
Apply safe file modes and extract permissions
Restrict directories and files with these commands so uploads and updates work without exposing the site:
sudo find /usr/local/lsws/Example/html/wordpress/ -type d -exec chmod 750 {} \;
sudo find /usr/local/lsws/Example/html/wordpress/ -type f -exec chmod 640 {} \;
Run the browser installer and finish the installation
Open your browser to your domain or server IP to launch the installation wizard. Enter your database name, database user, and database password. Keep Database Host as localhost for most single-server deployments.
Change the default table prefix from wp_ to something unique to cut automated probing risks. Complete the form, create an admin user, and log in to the dashboard.
- Download core into the document root so files land in the wordpress directory you mapped.
- Use nobody:nogroup ownership and directory 750 / file 640 permissions to limit exposure.
- If uploads or updates fail, revisit ownership and the directory modes and apply changes.
| Command | Purpose | When to use | Notes |
|---|---|---|---|
| wget + tar | Download and extract core files | Before running installer | Creates /wordpress directory |
| chown -R nobody:nogroup | Set ownership for web process | After extraction | Makes server the owner without root access |
| find … -type d -exec chmod 750 | Secure directories | Immediately after chown | Keeps directories executable by owner only |
| find … -type f -exec chmod 640 | Restrict file read/write | After directory permission changes | Prevents public read; allows server access |
Quick tip: If you want a hands-on manual reference for the server portion, consult this manual OpenLiteSpeed guide for full commands and mapping notes.
Real LiteSpeed Cache settings that move the needle
Tuning LSCache is about safe, high-impact changes that cut database queries and speed page delivery.
General: enable Automatic Upgrade and request a Domain Key to unlock QUIC.cloud. Turn on Guest Mode to deliver a fast first view. Add Guest Optimization only if your server can run background jobs without strain. Put your server IP into the plugin if it asks so internal fetches avoid extra latency.
Cache tab essentials
Keep Cache enabled. Toggle Cache REST API, Cache Login Page, favicon.ico, and PHP Resources to ON for quick wins. Leave Cache Logged-in Users and Cache Commenters OFF unless your site needs role-based caching. Keep Cache Mobile OFF unless you truly serve different mobile content.
TTL, Purge, Excludes, and ESI
Use default TTLs unless content needs fresher values. Enable purge on plugin or theme upgrades and consider server-stale for heavy traffic. Exclude carts, checkouts, and custom dashboards. Use ESI to fragment private and public content.
Object and Browser cache
Enable Redis or Memcached to cut database trips. Pair object caching with browser cache for client-side wins on repeat visits.
“After changes, watch hit/miss ratios in the dashboard and validate the page for visual regressions.”
| Area | Recommended | Risk |
|---|---|---|
| General | Auto-upgrade, Domain Key, Guest Mode | Use Guest Optimization only if server has capacity |
| Cache tab | REST API, Login, favicon, PHP ON | Logged-in users and Mobile may break dynamic content |
| Advanced | ESI, Excludes, Purge on upgrades | Incorrect ESI fragments can expose private content |
Image optimization that’s safe and effective
Images can make or break your page load. Start with a simple workflow that keeps originals, runs cloud processing, and verifies results. This approach protects visual quality while cutting payload across your website.
Domain key and automated jobs
Request a domain key first so QUIC.cloud can process images for your domain. Run Gather Image Data, then Send Optimization Request. Enable Auto Request Cron and Auto Pull Cron to handle new uploads automatically.
Compression, EXIF, and WebP
Use lossless compression to keep images sharp while reducing file size. Disable Preserve EXIF/XMP unless you need metadata. Create WebP versions and enable Image WebP Replacement so modern browsers get smaller files without manual edits.
Backups and recovery
Keep Optimize Original Images ON to save backups. Leave Remove Original Backups OFF by default until you confirm space needs. If jobs stall, clean unfinished data and re-queue from the dashboard. Spot-check hero sliders and galleries after changes to avoid broken references or layout shifts.
- Watch hit/miss and job status in the dashboard.
- Use WebP for extra srcset so responsive templates benefit.
- Retest key pages and monitor cumulative layout shift after changes.
Page optimization: CSS/JS/HTML settings without breaking your theme
Careful front-end tweaks often give the biggest page wins with the least risk. Make one change at a time and validate each result so your site stays usable.
CSS minify, combine, and UCSS best practices
Turn CSS minify ON for an easy size drop. That usually improves the page without layout risk.
Keep Combine OFF in most cases. HTTP/2 handles many small files well, and combining can hide which file causes a problem.
Only enable Generate UCSS or UCSS Inline if you also combine CSS. Otherwise stick with the default flow to avoid styling glitches.
JS minify/defer and HTML minify guidance
Defer and minify JS, but test interactive elements like menus, sliders, and checkout flows. One broken file can hurt conversions.
HTML minify is typically safe and gives small gains — turn it on and move on.
“If a page breaks, roll back the last change and test smaller steps to find the culprit.”
Test, purge cache, and validate repeatedly
Always purge cache after changing optimization settings. Run GTmetrix and PageSpeed multiple times because the first run may not reflect warmed caches.
Watch for flicker (FOUC/FOIT) and cumulative layout shift. Use async, preload, and defer carefully to stabilize above-the-fold content.
| Area | Recommended setting | Risk / Note |
|---|---|---|
| CSS | Minify ON, Combine OFF, UCSS only with Combine | Combining can complicate debugging |
| JS | Minify + Defer (test interactions) | May break menus or checkout if deferred incorrectly |
| HTML | Minify ON | Safe, small gains |
| Advanced | Instant Click — use cautiously | Can inflate analytics and preloads |
- Track before/after waterfalls in GTmetrix to prove gains.
- Document stable settings so you can restore them after theme updates or server changes.
- If a page breaks, revert one setting at a time until you find the exact file or rule causing the issue.
HTTPS done right: Certbot SSL and OpenLiteSpeed listener mapping
A correct certificate workflow prevents downtime and keeps your site reachable over HTTPS. First confirm the domain A record points to the server address. Challenges will fail if DNS does not resolve to the right address.
Issue certificates with certbot certonly –webroot
Update packages and install Certbot before requesting a cert: sudo apt update and sudo apt install certbot.
Run the following command to request files-based validation: sudo certbot certonly –webroot. Enter your email, agree to terms, add your domain name, and give the web root path (for example: /usr/local/lsws/Example/html/wordpress/).
Map certificates in the Virtual Host SSL tab and add a 443 listener
Certificates land in /etc/letsencrypt/live/your-domain/. In the Virtual Host SSL configuration paste:
- Private Key File: /etc/letsencrypt/live/your-domain/privkey.pem
- Certificate File: /etc/letsencrypt/live/your-domain/fullchain.pem
Enable chained certs and click save in the UI. Create an SSL listener (name it SSL, IP Any, port 443, Secure = Yes), map your virtual hosts to the listener, then click save again.
Restart, verify in browser, and force HTTPS
Restart the web server to apply the configuration. Open your site in multiple browsers and devices to confirm a valid padlock and correct chain.
Tip: Force HTTPS with a 301 rewrite or update the Site Address in WordPress so search engines and users land on the secure URL.
Conclusion
,Finish this guide by choosing the route that matches your comfort: a fast hosted flow or a hands‑on server build to get started.
Follow the tutorial in order: prep the server, map your domain, install the core files, configure cache settings, then optimize images and page assets. Keep a short checklist of must‑do settings and verify each page type after changes so you catch issues early.
Don’t forget the basics: strong admin names and passwords, correct site and home address, and a backup before major updates. After any theme or plugin version change, re-test and adjust settings as needed.
Use your control panel or the admin UI to click save on config changes, then re‑run performance tests. As traffic grows, add object caching (Redis or Memcached) and a CDN to keep your website fast worldwide.
This practical path—either RunCloud’s one‑click flow or a manual build—gives your WordPress site a real speed advantage. Get started today and keep iterating for steady gains.
FAQ
How do I choose between OpenLiteSpeed and the commercial LiteSpeed Enterprise edition?
Pick OpenLiteSpeed if you want a free, high-performance server with a strong feature set for most sites. Choose LiteSpeed Enterprise when you need official support, QUIC.cloud advanced features, HTTP/3 at scale, or compatibility with certain proprietary control panels. Consider traffic volume, budget, and whether you need vendor support.
What server OS and IP setup should I use before starting the installation?
Use a current Ubuntu LTS release with a static public IP. Open ports 22 for SSH, 80 and 443 for HTTP/HTTPS, and any control-panel ports you plan to use. Verify reverse DNS and make sure your domain’s A record points to that IP before running the browser-based install wizard.
How do I create a secure MariaDB or MySQL database and user for the site?
Install MariaDB, run mysql_secure_installation, then create the database and a dedicated user with a strong password. Grant only necessary privileges (typically ALL on the WP database) and avoid using root for application access. Store credentials in a protected config file and back them up securely.
Which PHP version and extensions do I need for modern sites?
Use PHP 8.0 or newer (8.1/8.2 recommended). Install extensions like mysqli, pdo_mysql, mbstring, curl, gd or imagick, zip, xml, intl, and opcache. Configure a PHP handler in OpenLiteSpeed (LSAPI) and tune memory_limit, max_execution_time, and upload_max_filesize to match your site’s needs.
Can I use a control panel like RunCloud to speed up deployment?
Yes. RunCloud and similar panels let you provision a server, install OpenLiteSpeed, and create a web app in minutes. You’ll enter site name, admin username/password, and email. Panels also automate SSL issuance, domain mapping, and enable the LiteSpeed Cache plugin during setup.
What virtual host and document root settings should I apply for the WordPress directory?
Point the virtual host’s document root to your WordPress directory (the folder with index.php). Ensure rewrite rules are in place for pretty permalinks, and set proper owner and permissions so the web server user can read/write uploads while keeping wp-config.php secure.
Which LiteSpeed Cache settings give the biggest real-world performance gains?
Enable page cache, object cache (Redis or Memcached), and browser cache. Use QUIC.cloud domain key if you plan to use image optimization or CDN. Be cautious with aggressive JS/CSS combination—test thoroughly. TTL, purge rules, and ESI can help dynamic content without breaking personalized pages.
How should I handle image optimization without risking data loss?
Use lossless compression and create WebP copies while keeping originals until you confirm site layout. Enable EXIF stripping if you don’t need metadata. Use a backup strategy (remote or local) before bulk replacing files so you can restore originals if an automated optimization causes issues.
What rewrite rules and PHP handler configuration are required in OpenLiteSpeed?
Configure an External App for LSAPI, set the script handler to match your PHP binary, and add rewrite rules for WordPress permalinks (usually a standard pattern that routes requests to index.php). Test with a fresh permalink save in the admin to ensure rewrites work.
How do I issue and map a Let’s Encrypt certificate with OpenLiteSpeed?
Use certbot with certonly –webroot and point webroot to your site’s document root, or let a control panel handle issuance. In OpenLiteSpeed, map the certificate files to the virtual host SSL tab and add a 443 listener. Restart or reload the server and verify HTTPS in the browser, then force HTTPS sitewide.
What file permissions should I set after extracting WordPress core files?
Set directories to 755 and files to 644 for most hosts. Make uploads writable by the web server (usually 755 for directories, 644 for files, with ownership set to the web user). Protect wp-config.php with stricter permissions (440 or 600) when supported by your hosting environment.
How do object cache and browser cache choices affect dynamic content?
Object cache (Redis/Memcached) speeds up database-heavy operations without caching full HTML. Browser cache reduces repeated downloads for static assets. For dynamic, personalized pages, use ESI or cache exclusions so user-specific content isn’t served from page cache while still benefiting from cached static portions.
How should I test CSS/JS/HTML optimizations safely?
Make changes in a staging environment first. Enable one optimization at a time (minify, defer, combine), purge cache, and re-run PageSpeed and GTmetrix tests. Check interactive elements and theme behavior in multiple browsers and devices to ensure nothing breaks.
What’s the recommended process for running the WordPress browser-based installer?
Place WordPress files in the document root, ensure the database and user exist, then visit your domain to start the installer. Enter database host, name, user, and password, choose a secure admin username/email/password, and set a non-default table prefix if you want extra security.
How do I keep the admin area and REST API safe while using aggressive caching?
Exclude /wp-admin/, /wp-login.php, and REST API endpoints from page cache. Use guest mode or login detection features in the cache plugin so authenticated users see fresh content. Implement rate limiting and 2FA on the admin account for added protection.
