Running a full LAMP stack like the one on the Wordpress one-click on a 512MB droplet is possible as you have seen but it really is the bare minimum to keep the MySQL service running. Adding the swap file makes a huge difference and with this it should handle 2k visits per day. I would recommend that you look into using CloudFlare in front of your droplet. Their free plan will act as a reverse proxy between your droplet and your visitors, caching content and reducing the load on your droplet quite a bit, especially in times of high traffic.

There are some steps here that you can take with any new Ubuntu droplet to provide a bit more security. Additionally you can set up fail2ban on your droplet which will help prevent brute force attacks on your server.

Should you see the need to upgrade to a larger droplet plan in the future you can do so from the control panel using the available resize options. The flexible resize option will allow you to upgrade your RAM and CPU and then downgrade again if you no longer need the extra capacity. The permanent resize will resize your RAM, CPU and disk space but is not reversible.

After the (hopefully) forced password change I would go and install the tool fail2ban so that brute force password cracking is prevented. Then I would setup basic firewall rules. Good practice seems to be to set all 3 default policies to “drop” and allow explicitly only what you really need. But be careful. this will also affect the console from the website. So you need to allow incoming port 22 (SSH) from your ISP at home. You need incoming and outgoing port 80 (HTTP) and port 443 (HTTPS). You need outgoing port 53 (DNS, tcp and udp). The next thing I would do is to enable SYN_COOKIES and disable the suggested router features via /etc/sysctl.conf.

I keep the system up to date and observe in /var/log whats going on on the system.

In case your website needs more resources you can upgrade to a more expensive plan via the Digital Ocean website with only little downtime.

Good Luck!

Thanks. Lots of great advice here. I also like the advice of creating a secure configuration and saving it as a snapshot (as recommended on one of those links). Seems like it could make things a lot easier later on if I wanted to setup a new server.

A couple of followup questions:

1. If I were to use CloudFlare, would I still want to use my own caching in WordPress, or could I turn that off?

2. Would there be any reason to use Nginx instead of the default Apache? (I take it I would have to start over to do this?)

3. I don’t have the habit of regularly checking my system logs. Is there some way to set the system up to regularly alert me if it is experiencing any strain? (i.e. goes over the memory limit or starts getting too much traffic, etc.)

Another concern I have is upgrades. I know that good security practices involve regularly updating software to patch known vulnerabilities. I know how to update WordPress but I’m not familiar with what I would need to do in order to keep Apache, Ubuntu, PHP, etc. up to date on my system?

ServerPilot looks great! Trying it out now…

ServerPilot now has a one-click WordPress installer, too, so you can get all of the security, configuration, and management benefits of ServerPilot and still have one-click WordPress hosting.

https://serverpilot.io/blog/2015/07/22/one-click-wordpress-and-automatic-serverpilot-installer.html