Question

How to secure Wordpress one click install?

Hello,

I tried to run a WordPress website on DigitalOcean via the oneclick deployment from the marketplace. And I absolutely love the performance I get from this preconfigured WordPress installation.

However, I have no idea how secure this installation is and how to make & keep it secure for the future.

I did launch create the droplet with a SSH key, and setup HTTPS with the initial script. https://marketplace.digitalocean.com/apps/wordpress

But how do I continue from here?

If possible I like to be able to setup automatic updates so I dont have to worry about updating the software everyweek.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdo
Site Moderator
Site Moderator badge
August 30, 2022

Hello there,

It is essential to secure your droplet, however running malware software is not definitely a must, but it is still a good thing to do.

I’ll highly recommend checking our tutorial An Introduction to Securing your Linux VPS

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

I can recommend using software like Linux Malware Detect which is a malware scanner for Linux.

Hope that this helps

Bobby Iliev
Site Moderator
Site Moderator badge
August 23, 2022

Hi there,

Enabling HTTPS and using SSH keys is a great start!

You can configure automatic updates by using a plugin like this one here:

https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/

Note that if you enable automatic updates, make sure to also have backups for your Droplet. As in some cases if the upgrade is faulty or for example, if your theme or a plugin is not compatible with the new WordPress version, it would be good to have a backup that you can revert to:

https://docs.digitalocean.com/products/images/backups/quickstart/

Additionally, I would recommend following the steps from this tutorial here on how to secure your WordPress installation without a security plugin:

https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin

And if you decide to use a security plugin, Wordfence is a good choice.

Additionally, you could use Cloudflare as a CDN and also as a DDoS protection service.

Hope that this helps!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up