DigitalOcean

Report this

What is the reason for this report?
Question

How to secure Wordpress one click install?

Posted on August 22, 2022
WordPress
Lau Dijksterhuis

By Lau Dijksterhuis

Hello,

I tried to run a WordPress website on DigitalOcean via the oneclick deployment from the marketplace. And I absolutely love the performance I get from this preconfigured WordPress installation.

However, I have no idea how secure this installation is and how to make & keep it secure for the future.

I did launch create the droplet with a SSH key, and setup HTTPS with the initial script. https://marketplace.digitalocean.com/apps/wordpress

But how do I continue from here?

If possible I like to be able to setup automatic updates so I dont have to worry about updating the software everyweek.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
August 23, 2022

Hi there,

Enabling HTTPS and using SSH keys is a great start!

You can configure automatic updates by using a plugin like this one here:

https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/

Note that if you enable automatic updates, make sure to also have backups for your Droplet. As in some cases if the upgrade is faulty or for example, if your theme or a plugin is not compatible with the new WordPress version, it would be good to have a backup that you can revert to:

https://docs.digitalocean.com/products/images/backups/quickstart/

Additionally, I would recommend following the steps from this tutorial here on how to secure your WordPress installation without a security plugin:

https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin

And if you decide to use a security plugin, Wordfence is a good choice.

Additionally, you could use Cloudflare as a CDN and also as a DDoS protection service.

Hope that this helps!

Best,

Bobby

0
alexdo
alexdo
August 30, 2022

Hello there,

It is essential to secure your droplet, however running malware software is not definitely a must, but it is still a good thing to do.

I’ll highly recommend checking our tutorial An Introduction to Securing your Linux VPS

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

I can recommend using software like Linux Malware Detect which is a malware scanner for Linux.

Hope that this helps

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.