Don’t let your WordPress host become a security nightmare

Adam Miedema
Sep 8, 2020

When it comes to WordPress, there are TONS of options out there for hosting. Almost every option that supports running PHP seems to also support installing WordPress.

It’s relatively trivial to install a WordPress site on a PHP-capable server. At most, you can follow WordPress’ own 5-minute instructions, which cover downloading the packages, loading them on your server, and then running WordPress.

Of course, these “5-minute” methods, for whatever reason, always seem to lead to hours of headaches… Often, for silly reasons... It’s usually not worth the headache, even with the 5-minute promise.

That’s why WordPress hosting providers typically also have 1-Click install options. You might as well just use the hosting provider’s option to install WordPress and then be on your merry way. It is quite a bit easier and more convenient, after all.

But, what might you be missing?

If you are using a basic hosting option, such as a DigitalOcean droplet or Vultr, then you will certainly be able to install WordPress with 1-click, but your host server likely needs some adjustments to make your WordPress site more secure.

To ensure good security measures are configured on your host server, check out the various Server Management Console options that are available. They typically install extra security measures that make your server more secure than a basic DigitalOcean or Vultr VPS (virtual private server).

Beef up your host server’s security measures

The server management tool Cleaver installs and configures the following measures on top of your DigitalOcean VPS, providing added security —

  • Installs fail2ban, an intrusion prevention framework that helps protect servers from brute-force attacks
  • Configures Uncomplicated Firewall (UFW), a firewall config tool that comes standard with Ubuntu, opening ports 80, 443, and 22, denying all other incoming connections, and enabling logging
  • Sets up SSH private and public keys to allow for secure remote connections
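To confirm that a server still matches the firewall baseline in the list above, you can audit the output of `ufw status verbose`. The script below is an added example, not Cleaver's own code; the `audit_ufw` helper name and both sample outputs are constructed for illustration.

```bash
# Added example: check `ufw status verbose` text (stdin) against the baseline
# above (incoming denied by default, logging on, only 22/80/443 allowed in).
# audit_ufw is a hypothetical helper. Live use: sudo ufw status verbose | audit_ufw
audit_ufw() {
  awk '
    /^Status:/  { active  = ($2 == "active") }
    /^Logging:/ { logging = ($2 == "on") }
    /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }  # $2 = incoming policy
    / (ALLOW|LIMIT) IN / {
      spec = $1; sub(/\/.*/, "", spec)          # "80,443/tcp" -> "80,443"
      n = split(spec, ports, ",")
      for (i = 1; i <= n; i++) {
        if (ports[i] ~ /^(22|80|443)$/) { seen[ports[i]] = 1; continue }
        # Other ports, ranges and app-profile names land here for manual review.
        printf "FAIL: unexpected inbound rule: %s\n", $1; bad = 1
      }
    }
    END {
      if (!active)  { print "FAIL: ufw is not active"; bad = 1 }
      if (!logging) { print "FAIL: logging is off"; bad = 1 }
      if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
      n = split("22 80 443", want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) printf "WARN: port %s is not open\n", want[i]
      if (!bad) print "OK: inbound rules match the baseline"
      exit bad + 0
    }'
}
# Constructed, abridged sample of `ufw status verbose` on a host at baseline.
sample_baseline() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
EOF
}
# Constructed drift: logging off, incoming allowed by default, database port open.
sample_drifted() {
  sample_baseline | sed -e 's/^Logging: on (low)/Logging: off/' -e 's/^Default: deny/Default: allow/'
  printf '%s\n' '3306/tcp                   ALLOW IN    Anywhere'
}
sample_baseline | audit_ufw
sample_drifted | audit_ufw || true   # a non-zero exit status marks drift
```

The function exits non-zero on any FAIL line, so it can gate a cron job or a deployment check.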

Beyond the above, Cleaver also supports site isolation, which lets you assign a WordPress site to a single server user. This helps security by limiting the access that WordPress site has on your server. This way, if you host multiple WordPress sites on a single server, you can help reduce the occurrences of one site potentially mucking with another.

Cleaver also has an option to 1-Click install WordPress and offers free SSL certificates using Let’s Encrypt, providing even more necessary security measures for your WordPress website.

PUBLIC SERVICE REMINDER: Don’t just give blanket root access to a plugin that you install. Plugins pose HUGE security liabilities. Don’t blindly trust a plugin that says it needs root or sudo access.

Please keep security top of mind for your WordPress websites. There are quite a few solutions, options, plugins, etc. out there that are full of security vulnerabilities.

Adam Miedema

Entrepreneur and Co-Founder of Little Bets (makers of Alpas and Cleaver)