General question about WordPress cloud security

Posted July 15, 2014 3.1k views

I’ve been working with WordPress using normal ‘shared’ hosting packages with other providers for years. I’m really comfortable with cPanel, setting up databases etc. and everything works fine.

Cloud hosting has always been in the back of my mind, however, and I stumbled across DigitalOcean.

In seconds I was able to install WordPress, I followed a couple of tutorials for PuTTY etc., and got things working - it’s also super quick compared to any shared hosting I’ve worked on before.

My problem is - obviously the speed and the price of everything is great, but I’m sort of left thinking - this is a bit too easy. The thing that has stopped me from using cloud hosting in the past is that obviously it’s a complete learning curve and server administration is not everyone’s cup of tea.

Basically, if I install WordPress as an application on DigitalOcean and sort out the DNS and domain stuff - will that install of WordPress be as safe and secure as something on a shared hosting package with another provider? Would I be better off starting with a blank Ubuntu install and learning about the intricacies of firewalls etc.? Or is the default WordPress 1-click application safe (or as safe as WordPress generally can be anyway!)?

Many thanks

3 answers

One of the most important things you can do in order to keep WordPress safe is make sure it is kept up to date. Most websites get compromised by using known exploits that have already been fixed. People scan the internet looking for older versions of software to use the known vulnerabilities.

Keeping everything else on the server up to date is also important. The biggest difference between shared hosting and running your own site is that you can’t just set it up and walk away. You need to apply security updates regularly.

Some general tips:

by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.

It depends on which cloud hosting provider you choose for your WordPress website; however, most cloud hosting providers offer the security features below within their package:

Basic Security Level
Basic Security level uses data sources to identify potentially malicious visitors to your site by IP threat scoring. If the IP has recently shown problematic behavior online, including spam and attacks, then a visitor from that IP would receive a challenge page before they actually hit your website (this is also highly effective at stopping many botnet attacks).

Threat Control
Many WordPress site owners just installed their WordPress site through a few clicks at a hosting provider. Many of these site owners do not know the server commands that they can use to restrict access to their site through things like .htaccess, but the hosting provider's control panel will let you do many of the same things that you would do in .htaccess through an intuitive interface that will let you either block or whitelist IPs.

Things you can do:

  1. Block an individual IP
  2. Block an IP range
  3. Block a country

Web Application Firewall
This option is mostly available as a paid feature; however, it is designed to make it harder for someone to penetrate your site (you should still follow other security practices).

DDoS protection
Each hosting provider usually offers basic DDoS protection and advanced DDoS protection; basic will be available for free, and advanced may need monthly charges.

Hope this helps!

  1. Invest In The Right Web Hosting
     * Shared Hosting
     * Dedicated Hosting
     * VPS Hosting
     * Cloud Hosting
     * Managed Cloud Hosting
  2. Acquire Scheduled Backups
     * Offsite WordPress Backup
     * Local WordPress Backup
  3. Make a Strong Password
     * Brute Force Attacks
     * Google Invisible reCAPTCHA
  4. Limit Login Attempts
     * Use Two-Factor Authentication
  5. Change WordPress Login URL and Default Username
     * Change WordPress Login URL
     * Change WordPress Default Username
     * Different WordPress User Roles
  6. Keep WordPress User Updated
     * Test New Releases on WordPress Staging Environment
  7. Delete Unused Plugins or Themes
     * The right way to Uninstall
  8. Prevent SQL Injection And URL Hacking
     * Using .htaccess Rules
  9. Deny Access To Sensitive Files in WordPress
     * Use .htaccess to Harden the Security
  10. Hide WordPress version & Change Default Prefix For Database

Altf9 Technology Solutions Pvt.Ltd
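
The IP blocking described in the second answer and the .htaccess file restrictions listed in the third answer, written out as an added example that is not part of any poster's reply. It assumes Apache 2.4 with `AllowOverride` permitting these directives and a default WordPress directory layout; the IP addresses are constructed values from the documentation ranges.

```apache
# Constructed example. Assumes Apache 2.4 (mod_authz_core / mod_authz_host)
# and AllowOverride enabled for the WordPress directory.

# ---- File 1: .htaccess in the WordPress root ----

# Block one individual IP and one IP range; everyone else is allowed.
# 203.0.113.7 and 198.51.100.0/24 are documentation addresses (constructed).
<RequireAll>
    Require all granted
    Require not ip 203.0.113.7
    Require not ip 198.51.100.0/24
</RequireAll>

# wp-config.php holds the database credentials and secret keys;
# it never needs to be requested directly over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

# Dotfiles (.htaccess, .htpasswd, stray editor or VCS files).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Files shipped with WordPress that identify the installation.
<FilesMatch "^(readme\.html|license\.txt)$">
    Require all denied
</FilesMatch>

# Do not list directory contents when no index file exists.
Options -Indexes

# ---- File 2: wp-content/uploads/.htaccess ----

# Uploads should only contain media. Refusing script files here means
# a file placed in this directory cannot be run through the web server.
<FilesMatch "(?i)\.(php\d?|phtml|phar)$">
    Require all denied
</FilesMatch>
```

Country blocking is not shown because it needs a GeoIP module or a provider-side feature rather than plain .htaccess directives. On a self-managed server, a host firewall rule drops unwanted traffic before it reaches Apache at all.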