WordPress Sites

Now that you have Trellis' requirements installed and a local project set up, the next thing to do is configure a WordPress site.

Everything in Trellis is built around the concept of "sites". Each Trellis managed server (local virtual machine or remote server) can support one or more WordPress sites. Trellis will automatically configure everything needed to host a WordPress site such as databases, Nginx vhosts, folder directories, etc.

These sites are configured in YAML files for each environment such as group_vars/development/wordpress_sites.yml.

There are two components and places to configure sites:

  • Normal settings in group_vars/development/wordpress_sites.yml
  • Passwords/secrets in group_vars/development/vault.yml

Normal settings

wordpress_sites is a top-level dictionary used to define all the sites you want. Here's an absolute bare-minimum site as an example for development:

# group_vars/development/wordpress_sites.yml
      - canonical: example.dev
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    admin_email: admin@example.dev
      enabled: false
      enabled: false
      enabled: false

Each site starts with a "key" (example.com in this case). Trellis uses the key internally as the name of the site and as a default value in a lot of variables. We recommend naming your sites after their domain so it's descriptive.

Nested under the name/key are the site's variables which are for that site only. You only need to define a variable/setting if you want to overwrite the default value which can be found below.


When you add/edit a site inwordpress_sites.yml, you also need to edit vault.yml for the accompanying site/key. vault.yml simplifies use of the Ansible Vault encryption feature for specific files. You never want to include plain-text passwords in a Git repository so we make it easier to optionally encrypt the vault.yml file while leaving the normal settings separate. See Vault for more information on this.

#  group_vars/development/vault.yml
    admin_password: admin
      db_password: example_dbpassword

Notice the matching site keys in both wordpress_sites and vault_wordpress_sites for example.com.

For a complete working example of a real-life WordPress site, you can view the config files for roots-example-project.com.



  • site_hosts - List of hosts that Nginx will listen on. At least one is required. Each host item must specify a canonical host and may optionally specify a list of corresponding redirects (hosts). Remember to set up DNS for every host listed. (required)
# minimum required
    - canonical: example.com

# multiple hosts and redirects are possible
    - canonical: example.com
        - www.example.com
        - site.com
    - canonical: example.co.uk
        - www.example.co.uk
  • local_path - path targeting Bedrock-based site directory (required)
  • current_path - symlink to latest release (default: current)
  • db_create - whether to auto create a database or not (default: true)
  • packagist_token - Token to use to authenticate with Packagist.com for private Composer repositories (optional)
  • ssl - SSL options. See the SSL docs
  • multisite - Multisite options. See the Multisite docs
  • cache - Nginx FastCGI cache options. See the Cache docs
  • env - environment variables
    • disable_wp_cron - Disable WP cron and use system's (default: true)
    • wp_home - WP_HOME constant (default: <protocol>://${HTTP_HOST})
    • wp_siteurl - WP_SITEURL constant (default: ${WP_HOME}/wp)
    • wp_env - environment (default: env via Ansible)
    • db_name - database name (default: <site name>_<env>)
    • db_user - database username (default: <site name>)
    • db_password - database password (required, in vault.yml)
    • db_host - database hostname (default: localhost)
    • db_user_host - hostname or ip range used to restrict connections to database (default: localhost)


  • site_install - whether to install WordPress or not (default: true)
  • site_title - WP site title (default: site name)
  • admin_user - WP admin user name (default: admin)
  • admin_email - WP admin email address (required)
  • admin_password - WP admin user password (required in vault.yml)
  • initial_permalink_structure - permalink structure applied at time of WP install (default: /%postname%/)

Remote servers

  • repo - URL of the Git repo of your Bedrock project (required)
  • repo_subtree_path - relative path to your Bedrock/WP directory in your repo (above) if its not the root (like site/ in roots-example-project)
  • branch - the branch name, tag name, or commit SHA1 you want to deploy (default: master)
  • env - environment variables
    • auth_key - Generate (required in vault.yml)
    • secure_auth_key - Generate (required in vault.yml)
    • logged_in_key - Generate (required in vault.yml)
    • nonce_key - Generate (required in vault.yml)
    • auth_salt - Generate (required in vault.yml)
    • secure_auth_salt - Generate (required in vault.yml)
    • logged_in_salt - Generate (required in vault.yml)
    • nonce_salt - Generate (required in vault.yml)