Hello,
I tried to run a WordPress website on DigitalOcean via the one-click deployment from the marketplace. And I absolutely love the performance I get from this preconfigured WordPress installation.
However, I have no idea how secure this installation is and how to make & keep it secure for the future.
I did create the droplet with an SSH key, and set up HTTPS with the initial script. https://marketplace.digitalocean.com/apps/wordpress
But how do I continue from here?
If possible, I'd like to be able to set up automatic updates so I don't have to worry about updating the software every week.
Hello there,
It is essential to secure your droplet; however, running malware software is not definitely a must, but it is still a good thing to do.
I'd highly recommend checking our tutorial, An Introduction to Securing your Linux VPS:
https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
I can recommend using software like Linux Malware Detect, which is a malware scanner for Linux.
Hope that this helps.
Hi there,
Enabling HTTPS and using SSH keys is a great start!
You can configure automatic updates by using a plugin like this one here:
https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/
Note that if you enable automatic updates, make sure to also have backups for your Droplet, as in some cases, if the upgrade is faulty or, for example, if your theme or a plugin is not compatible with the new WordPress version, it would be good to have a backup that you can revert to:
https://docs.digitalocean.com/products/images/backups/quickstart/
Additionally, I would recommend following the steps from this tutorial here on how to secure your WordPress installation without a security plugin:
https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin
And if you decide to use a security plugin, Wordfence is a good choice.
Additionally, you could use Cloudflare as a CDN and also as a DDoS protection service.
Hope that this helps!
Best,
Bobby