By nintynathan
I’ve been working with WordPress using normal ‘shared’ hosting packages with other providers for years. I’m really comfortable with CPanel, setting up databases etc. and everything works fine.
Cloud hosting has always been in the back of my mind, however, and I stumbled across DigitalOcean.
In seconds I was able to install WordPress, I followed a couple of tutorials for putty etc, and got things working - It’s also super quick compared to any shared hosting I’ve worked on before.
My problem is - obviously the speed and the price of everything is great, but I’m sort of left thinking - this is a bit too easy. The thing that has stopped me from using cloud hosting in the past is that obviously it’s a complete learning curve and server administration is not everyone’s cup of tea.
Basically, if I install WordPress as an application on DigitalOcean and sort out the DNS and domain stuff - will that install of WordPress be as safe and secure as something on a shared hosting package with another provider? Would I be better off starting with a blank Ubuntu install, and learn about the intricacies of firewalls etc? Or is the default WordPress 1-click application safe (or as safe as WordPress generally can be anyway!)
Many thanks Nathan
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
It depends on which cloud hosting provider you choose for your wordpress website, however most of the cloud hosting provider offers below security features with in their package
Basic Security Level Basic Security level uses data sources to identify potentially malicious visitors to site by IP threat scoring. If the IP has recently shown problematic behavior online, including spam and attacks, then a visitor from that IP would receive a challenge page before they actually hit your website (this is also highly effective at stopping many botnet attacks)
Threat Control Many WordPress site owners just installed their WordPress site through a few clicks at a hosting provider. Many of these site owners do not know server commands that they can use to restrict access to their site through things like .htaccess, but hosting provider Control panel will let you do many of the same things that you would do in .htaccess through an intuitive interface that will let you either block or whitelist IPs.
Things you can do:
- Block an individual IP
- Block an IP range
- Block a country
Web Application Firewall This option mostly available as paid, however it is designed to make it harder for someone to penetrate your site (you should still have to follow other security practices).
DDoS protection Each hosting usually offers basic DDoS protection and advanced DDoS protection, whereas basic will be available freely and advance may need monthly charges.
Hope this helps!
One of the most important things you can do in order to keep WordPress safe is make sure it is kept up to date. Most websites get compromised by using known exploits that have already been fixed. People scan the internet looking for older versions of software to use the known vulnerabilities.
Keeping everything else on the server up to date is also important. The biggest difference between shared hosting and running your own site, is that you can’t just set it up and walk away. You need to apply security updates regularly.
Some general tips:
Hey there! 👋
For securing WordPress without plugins, this guide is a great starting point: How to Secure WordPress Without a Security Plugin.
If you’re managing multiple WordPress sites, check out WP Guardian—it simplifies security across droplets with centralized management, continuous vulnerability monitoring, and flexible updates, all without impacting performance.
- Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.