Question

How to secure WordPress server on Ubuntu 18.04 when starting from scratch

I’m planning on spending the time and setting up an Ubuntu server 18.04 for a WordPress website, but I want to make sure the installation is as secure as the One-Click WordPress droplet offered by DigitalOcean.

So, besides enabling the firewall and using the wp fail2ban plugin, do I need anything else to have a secure server online?


Hi @mhweb,

You may enable a couple of things on your server to make it secure:

  1. Set up a new user and disable root login via SSH.
  2. Disable password authentication; always use an SSH tunnel.
  3. Secure the MySQL server.
  4. Secure phpMyAdmin (if you’re using it).
  5. Set up a firewall to enable and disable inbound and outbound network connections. (You should use Cloudflare, as it provides additional security, including a firewall and DDoS protection.)

If you use Cloudflare, no one can easily find out your real IP address. However, it is still possible to find out, but it is like an extra layer of security.

Never open all network ports; use only selected ports.

Hello, @mhweb

There are other tweaks that you can implement in order to tighten up the security. You can disable PasswordAuthentication and also limit root login to a certain number of IP addresses. Tweak iptables as well as using fail2ban and UFW.

I would recommend that you check this tutorial on how to secure your Linux VPS:

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

Hope this helps!

Regards, Alex
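
An added example, not part of either answer above: a small Python check of the two SSH settings both answers name (root login and PasswordAuthentication), including the case where a `Match` block re-enables root login for specific addresses. The policy values, the sample configuration and the function names are assumptions of this example, and it does not follow `Include` directives.

```python
# Added example: audit sshd_config text for the settings named in the answers.
# Policy (assumption of this example): both keywords must be "no".
POLICY = {"permitrootlogin": {"no"}, "passwordauthentication": {"no"}}
# OpenSSH built-in defaults, which apply when a keyword is absent or commented out.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample configuration (203.0.113.10 is a documentation address).
SAMPLE = """\
Port 22
#PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match Address 203.0.113.10
    PermitRootLogin prohibit-password
"""

def parse_sshd_config(text):
    """Return (global_settings, match_overrides) for the audited keywords."""
    global_settings, match_overrides, current_match = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # audited values never contain '#'
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "match":
            current_match = value  # block runs until the next Match or end of file
        elif keyword in POLICY and current_match is None:
            global_settings.setdefault(keyword, value)  # sshd keeps the first value
        elif keyword in POLICY:
            match_overrides.append((current_match, keyword, value))
    return global_settings, match_overrides

def audit(text):
    """Return a list of findings; an empty list means both settings pass."""
    global_settings, match_overrides = parse_sshd_config(text)
    findings = []
    for keyword, allowed in POLICY.items():
        value = global_settings.get(keyword, DEFAULTS[keyword])
        if value.lower() not in allowed:
            source = "set" if keyword in global_settings else "default"
            findings.append(f"{keyword}: effective value '{value}' ({source})")
    for criteria, keyword, value in match_overrides:
        if value.lower() not in POLICY[keyword]:  # a Match block overrides the global value
            findings.append(f"{keyword}: '{value}' under 'Match {criteria}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live server, `sshd -T` prints the effective configuration and remains the authoritative check.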