General question about WordPress cloud security

I’ve been working with WordPress using normal ‘shared’ hosting packages with other providers for years. I’m really comfortable with CPanel, setting up databases etc. and everything works fine.

Cloud hosting has always been in the back of my mind, however, and I stumbled across DigitalOcean.

In seconds I was able to install WordPress, I followed a couple of tutorials for putty etc, and got things working - It’s also super quick compared to any shared hosting I’ve worked on before.

My problem is - obviously the speed and the price of everything is great, but I’m sort of left thinking - this is a bit too easy. The thing that has stopped me from using cloud hosting in the past is that obviously it’s a complete learning curve and server administration is not everyone’s cup of tea.

Basically, if I install WordPress as an application on DigitalOcean and sort out the DNS and domain stuff - will that install of WordPress be as safe and secure as something on a shared hosting package with another provider? Would I be better off starting with a blank Ubuntu install, and learn about the intricacies of firewalls etc? Or is the default WordPress 1-click application safe (or as safe as WordPress generally can be anyway!)

Many thanks Nathan

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

1=>Invest In The Right Web Hosting *Shared Hosting *Dedicated Hosting *VPS Hosting *Cloud Hosting *Managed Cloud Hosting 2=>Acquire Scheduled Backups *Offsite WordPress Backup *Local WordPress Backup 3=>Make a Strong Password *Brute Force Attacks *Google Invisible reCAPTCHA 4=>Limit Login Attempts *Use Two-Factor Authentication 5=>Change WordPress Login URL and Default Username *Change WordPress Login URL *Change WordPress Default Username *Different WordPress User Roles 6=>Keep WordPress User Updated *Test New Releases on WordPress Staging Environment 7=>Delete Unused Plugins or Themes *The right way to Uninstall 8=>Prevent SQL Injection And URL Hacking *Using .htaccess Rules 9=>Deny Access To Sensitive Files in WordPress *Use .htaccess to Harden the Security 10=>Hide WordPress version & Change Default Prefix For Database

Altf9 Technology Solutions Pvt.Ltd 5/181, J4A Third Floor Periyar Street, Medavakkam Chennai, India Pincode:600100. INDIA: +91 8056005901

USA: +1 (845) 576-5295

Australia : +61291880753

It depends on which cloud hosting provider you choose for your wordpress website, however most of the cloud hosting provider offers below security features with in their package

Basic Security Level Basic Security level uses data sources to identify potentially malicious visitors to site by IP threat scoring. If the IP has recently shown problematic behavior online, including spam and attacks, then a visitor from that IP would receive a challenge page before they actually hit your website (this is also highly effective at stopping many botnet attacks)

Threat Control Many WordPress site owners just installed their WordPress site through a few clicks at a hosting provider. Many of these site owners do not know server commands that they can use to restrict access to their site through things like .htaccess, but hosting provider Control panel will let you do many of the same things that you would do in .htaccess through an intuitive interface that will let you either block or whitelist IPs.

Things you can do:

  1. Block an individual IP
  2. Block an IP range
  3. Block a country

Web Application Firewall This option mostly available as paid, however it is designed to make it harder for someone to penetrate your site (you should still have to follow other security practices).

DDoS protection Each hosting usually offers basic DDoS protection and advanced DDoS protection, whereas basic will be available freely and advance may need monthly charges.

Hope this helps!

One of the most important things you can do in order to keep WordPress safe is make sure it is kept up to date. Most websites get compromised by using known exploits that have already been fixed. People scan the internet looking for older versions of software to use the known vulnerabilities.

Keeping everything else on the server up to date is also important. The biggest difference between shared hosting and running your own site, is that you can’t just set it up and walk away. You need to apply security updates regularly.

Some general tips: