Steps to take after creating One-Click Install WordPress on Ubuntu 14.04?

I run, an anthropology blog which gets over 50k page views per month (about 2k per day). I’m thinking of moving it to DigitalOcean and created a copy of my site using the One-Click Install WordPress on Ubuntu 14.04 instructions. I picked the most basic droplet, at $5 a month for 512MB of RAM. Worried that this might not be enough (we run a fair number of plugins) I also enabled swap following the instructions here. I also use Hyper Cache to cache my webpages (along with some other optimization plugins). (And I use updraft plus for backups.)

So, my question is: will this setup be enough that I can sleep at night knowing my site won’t go down? Do I need to pay for a larger droplet? Or do I need to install additional software to optimize and/or secure my system? This is the first time I’ve tried using a VPS. I’ve used shared hosting for the past decade, so I know my way around WordPress and the command line a bit, but I would appreciate any tips or advice more experienced DigitalOcean users might have.




After the (hopefully) forced password change I would go and install the tool fail2ban so that brute force password cracking is prevented. Then I would set up basic firewall rules. Good practice seems to be to set all 3 default policies to “drop” and allow explicitly only what you really need. But be careful: this will also affect the console from the website. So you need to allow incoming port 22 (SSH) from your ISP at home. You need incoming and outgoing port 80 (HTTP) and port 443 (HTTPS). You need outgoing port 53 (DNS, tcp and udp). The next thing I would do is to enable SYN_COOKIES and disable the suggested router features via /etc/sysctl.conf.

I keep the system up to date and observe in /var/log what's going on on the system.

In case your website needs more resources you can upgrade to a more expensive plan via the DigitalOcean website with only a little downtime.

Good Luck!
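
The firewall and sysctl settings from the answer above, written out as an added example that is not part of the original post. The admin address range is a parameter you supply, the loopback and established-connection rules are an addition the answer does not mention, and the three redirect/source-route keys are one reading of its "router features".

```shell
#!/bin/sh
# Added example, not from the thread: the answer's policy in iptables-restore form.

# gen_rules ADMIN_CIDR: print an IPv4 ruleset; ADMIN_CIDR is your home range.
gen_rules() {
    admin_cidr="$1"
    [ -n "$admin_cidr" ] || { echo "usage: gen_rules ADMIN_CIDR" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Assumption, not in the answer: with every policy on DROP the host also
# needs loopback and replies to connections that were already allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH in, only from the admin range.
-A INPUT -p tcp -s $admin_cidr --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# HTTP/HTTPS in (visitors) and out (apt and WordPress updates).
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# DNS out, UDP and TCP.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# gen_sysctl: lines for /etc/sysctl.conf (SYN cookies on, router behaviour off).
gen_sysctl() {
    printf '%s\n' 'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.conf.all.accept_redirects = 0' \
        'net.ipv4.conf.all.send_redirects = 0' \
        'net.ipv4.conf.all.accept_source_route = 0'
}

# check_rules: read a ruleset on stdin and refuse one that would leave a
# policy open or cut off SSH before it is ever loaded.
check_rules() {
    rules=$(cat)
    for chain in INPUT FORWARD OUTPUT; do
        echo "$rules" | grep -q "^:$chain DROP" ||
            { echo "policy for $chain is not DROP" >&2; return 1; }
    done
    echo "$rules" | grep -Eq '^-A INPUT .*--dport 22 .*-j ACCEPT' ||
        { echo "no inbound SSH rule: applying this locks you out" >&2; return 1; }
}
```

Save the output of `gen_rules 203.0.113.0/24` (a documentation placeholder range) to a file, pass it through `check_rules`, and load it with `iptables-apply`, which rolls the rules back unless you confirm within its timeout. Outbound NTP and mail are not in the answer's list and are blocked by this ruleset, and IPv6 needs its own ip6tables rules.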

Running a full LAMP stack like the one on the WordPress one-click on a 512MB droplet is possible, as you have seen, but it really is the bare minimum to keep the MySQL service running. Adding the swap file makes a huge difference and with this it should handle 2k visits per day. I would recommend that you look into using CloudFlare in front of your droplet. Their free plan will act as a reverse proxy between your droplet and your visitors, caching content and reducing the load on your droplet quite a bit, especially in times of high traffic.

There are some steps here that you can take with any new Ubuntu droplet to provide a bit more security. Additionally you can set up fail2ban on your droplet which will help prevent brute force attacks on your server.

Should you see the need to upgrade to a larger droplet plan in the future you can do so from the control panel using the available resize options. The flexible resize option will allow you to upgrade your RAM and CPU and then downgrade again if you no longer need the extra capacity. The permanent resize will resize your RAM, CPU and disk space but is not reversible.

ServerPilot now has a one-click WordPress installer, too, so you can get all of the security, configuration, and management benefits of ServerPilot and still have one-click WordPress hosting.

ServerPilot looks great! Trying it out now…

Another concern I have is upgrades. I know that good security practices involve regularly updating software to patch known vulnerabilities. I know how to update WordPress but I’m not familiar with what I would need to do in order to keep Apache, Ubuntu, PHP, etc. up to date on my system?

Thanks. Lots of great advice here. I also like the advice of creating a secure configuration and saving it as a snapshot (as recommended on one of those links). Seems like it could make things a lot easier later on if I wanted to set up a new server.

A couple of follow-up questions:

  1. If I were to use CloudFlare, would I still want to use my own caching in WordPress, or could I turn that off?

  2. Would there be any reason to use Nginx instead of the default Apache? (I take it I would have to start over to do this?)

  3. I don’t have the habit of regularly checking my system logs. Is there some way to set the system up to regularly alert me if it is experiencing any strain? (i.e. goes over the memory limit or starts getting too much traffic, etc.)