Self-Host WordPress with Greffon
WordPress runs a huge slice of the web, and almost none of it is owned by the people who write on it. Here is the honest setup for WordPress on a greffer you control.
WordPress powers a large slice of the web, from one-person blogs to small stores. Most of those sites live on someone else's hosting, where the plan, the uptime, and the data all sit behind an account you rent. Self-hosting flips that: the CMS, the database, and the uploads all live on a machine you own. Greffon takes the fiddly plumbing off your plate so you can get there without hand-writing a compose file.
Why own the site
WordPress is the world's most popular CMS: a blog, a brochure site, or with WooCommerce a small store, all from the same codebase and a deep plugin ecosystem. Grafting it onto a greffer means the posts, the media library, and the database sit on your hardware, not on a host that can change its terms or its prices under you.
The tradeoff is that the parts a managed host quietly handles, updates, backups, and uptime, become yours. None of them are hard, but they are real, and the rest of this post is about meeting them honestly rather than pretending they vanish.
Graft it from the catalog
On a greffer, you do not assemble a web server, a PHP runtime, a database, and a reverse proxy by hand. Pick WordPress from the catalog and graft it onto your greffer. Greffon issues the certificate and routes the app, so it comes up reachable over HTTPS from the first start. The authentication keys and salts WordPress uses to sign its cookies are generated for you as secrets, so you are not pasting them in by hand.
Claim the admin account fast
This is the sharp edge specific to WordPress, and it is easy to miss. On first visit, WordPress runs its install wizard, and that wizard is where the admin account gets created. There is no pre-set login. Whoever reaches the wizard first claims the admin account.
Reach it from anywhere
A public site is only a site if the public can reach it. On the same network as your greffer it works the moment it starts. To serve it to the open internet you have two honest options.
The simplest is tunnel mode: a greffer connects outbound to the manager's tunnel and serves its apps over HTTPS without opening a single inbound port, which is the answer for a box behind NAT or CGNAT with no public IP. If you would rather expose the greffer directly, point a domain at it with port forwarding plus dynamic DNS. WordPress is plain HTTP under the hood, so either path carries it without any special handling.
Email needs an SMTP plugin
WordPress core has no built-in mail. Password resets, comment notifications, and contact-form messages all rely on outbound email, and out of the box that quietly fails. The fix is an SMTP plugin (WP Mail SMTP and similar) pointed at a mail provider you already use. Set this up before you need a password reset, not after you are locked out waiting for one.
Storage and backups
A WordPress site has two things worth protecting: the database (your posts, pages, and settings) and the uploads directory (your media library). Both grow over time, and a busy media library is usually the larger of the two, so keep an eye on disk on the greffer as the site fills out.
Greffon handles TLS and routing today, and native one-click backups are coming in M2. Until then, bring your own backup tool (restic or borgbackup are the usual choices), back up the WordPress data on a schedule, and store a copy off the greffer.
Keep it always-on
A public site has to be up when a visitor arrives, which is at any hour. Run it on an always-on greffer, a small VPS, a mini-PC, or a free Oracle Cloud box, rather than a laptop that sleeps at night. The Oracle walkthrough is a good place to get a greffer running before you graft WordPress onto it.