Hi!
I have taken the basic security measures concerning my droplet. Let’s Encrypt, Firewall and also for updates and installations in WordPress. Is a plugin like Wordfence still needed after that?
Hey, @hansen, @jtittle, @sierracircle
Thanks for your contribution. I’ll study them and come back for any doubts I may encounter.
All the best!
Hi @Areku
Let’s break it down :-)
Let’s Encrypt - will only give protection against man-in-the-middle attacks, where someone sniffs the username/password when you, for instance, log in from a public connection like the local coffee shop. But it’s very important to protect against that - and it comes with extra features such as HTTP/2 and better SEO.
Firewall - will only allow access to whatever ports you’ve allowed. This is important to ensure you don’t accidentally have your database available from the outside.
You can enhance the firewall by actively monitoring the log files with something like fail2ban which blocks multiple login failures.
https://www.digitalocean.com/community/tutorials/how-to-protect-wordpress-with-fail2ban-on-ubuntu-14-04
Instead of using the plugin WP fail2ban, please consider WP Fail2Ban Redux.
Up-to-date - keeping both plugins and themes, but also Ubuntu up-to-date is probably the thing that will keep you most secure. And avoid plugins/themes that have not been updated for a long time.
Wordfence - will give you extra security, but fail2ban will help with some of the most critical parts, which is brute-force login attacks.
+Passwords - remember to have unique, strong, long passwords. And use public keys for SSH and the like if possible.
+Backup - have multiple backups (in multiple locations) and check that they actually work. This is probably the best security you can have.
I like to use the Login Lockdown plugin. For .htaccess, my go-to is: https://perishablepress.com/6g/
Also, I always change my wp-login.php to something different. You can google for various methods to do that. It is not hard, and keeps a lot of scripted hack attempts off your WordPress (which can crash your database).
Also: set up a swap file. Set up regular backups of your WordPress database and files (I use DO volumes to back up everything… then unmount the volume when not in use).