Question

How to secure Wordpress one click install?

Hello,

I tried to run a WordPress website on DigitalOcean via the oneclick deployment from the marketplace. And I absolutely love the performance I get from this preconfigured WordPress installation.

However, I have no idea how secure this installation is and how to make & keep it secure for the future.

I did launch create the droplet with a SSH key, and setup HTTPS with the initial script. https://marketplace.digitalocean.com/apps/wordpress

But how do I continue from here?

If possible I like to be able to setup automatic updates so I dont have to worry about updating the software everyweek.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello there,

It is essential to secure your droplet, however running malware software is not definitely a must, but it is still a good thing to do.

I’ll highly recommend checking our tutorial An Introduction to Securing your Linux VPS

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

I can recommend using software like Linux Malware Detect which is a malware scanner for Linux.

Hope that this helps

Hi there,

Enabling HTTPS and using SSH keys is a great start!

You can configure automatic updates by using a plugin like this one here:

https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/

Note that if you enable automatic updates, make sure to also have backups for your Droplet. As in some cases if the upgrade is faulty or for example, if your theme or a plugin is not compatible with the new WordPress version, it would be good to have a backup that you can revert to:

https://docs.digitalocean.com/products/images/backups/quickstart/

Additionally, I would recommend following the steps from this tutorial here on how to secure your WordPress installation without a security plugin:

https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin

And if you decide to use a security plugin, Wordfence is a good choice.

Additionally, you could use Cloudflare as a CDN and also as a DDoS protection service.

Hope that this helps!

Best,

Bobby