Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Wordpress setup for blogging on my website

  1. #11
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Wordpress setup for blogging on my website

    google pagespeed will test your website and let you know where and what you need to optimise.

    otherwise general ubuntu hardening should do.

    install is easy, like i wrote check a few plugins as the ymake life easier. don't install too many, and definitelly install security plugins. i was hacked on hosted server via wordpress. the host had security in place, but wordpress still needs it's own stuff (at least to monitor the events and to backup).
    Easy to understand Ubuntu manual with lots of pics: http://ubuntu-manual.org/
    Do i need antivirus/firewall in linux?
    User friendly disk backup (suitable for older PCs): Redobackup Less friendly disk backup (works on new PC): Clonezilla

  2. #12
    Join Date
    Sep 2014
    Beans
    352

    Re: Wordpress setup for blogging on my website

    I am going through everything posted so far to make sure I have everything in order. Any sites to check what I need to hardened on my Ubuntu server first?

  3. #13
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    13,196
    Distro
    Kubuntu Development Release

    Re: Wordpress setup for blogging on my website

    "Hardening" your Ubuntu server is not really the issue with WordPress. You need to be vigilant about installing upgrades to the WP software when they are released. Usually they contain security fixes. WP sites are attacked all the time. I have posted some more detailed suggestions about WP security here: https://ubuntuforums.org/showthread....1#post13626346
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #14
    Join Date
    Feb 2015
    Location
    Florida
    Beans
    Hidden!
    Distro
    Ubuntu Gnome 16.04 Xenial Xerus

    Re: Wordpress setup for blogging on my website

    Keeping WordPress updated is pretty simple, you can set it up to automatically update when the latest version is released within the WordPress dashboard

  5. #15
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Wordpress setup for blogging on my website

    Quote Originally Posted by Michael_McKenney View Post
    I am going through everything posted so far to make sure I have everything in order. Any sites to check what I need to hardened on my Ubuntu server first?
    internet is full of such advices. it depends how far you plan to go and what kind of things you have on server i guess.

    for example at home i have a personal server which is meant only for specific people (IPs).

    so what i did is:
    1. automated security updates (unnatended updates)
    2. fail2ban with blacklisting setup (1 and up to 3 errors and you are banned - depending on the attempted action)
    3. NAT on router allows only certain ports through
    4. apache server - access allowed to only a handfull of IPs
    5. files and directories are locked down as much as possible
    6. admin (sudo) user is separated from other users
    7. using SSH with keys & password for sensitive parts like OS access.
    8 a few other measures i won't disclose.

    it works like this:
    if you try to login from wrong IP, you are banned.
    if you managed to get the IP and spoofed it, you need to then guess the user name. if you guessed the username, you need to guess a password,. if you guessed both you still need the key to access it. 2 attempts go wrong and you are banned.

    anyway if somoene really went after the server and dedicated time they could probably hack it. but the measures defend against scripted attacks.
    Easy to understand Ubuntu manual with lots of pics: http://ubuntu-manual.org/
    Do i need antivirus/firewall in linux?
    User friendly disk backup (suitable for older PCs): Redobackup Less friendly disk backup (works on new PC): Clonezilla

  6. #16
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    13,196
    Distro
    Kubuntu Development Release

    Re: Wordpress setup for blogging on my website

    Quote Originally Posted by RobGoss View Post
    Keeping WordPress updated is pretty simple, you can set it up to automatically update when the latest version is released within the WordPress dashboard
    My implementation (see the link I posted above) does not permit the Apache user ("www-data") to write into any of the WP directories except wp-content/uploads/. This protects the site from being defaced by attackers but also disables automatic updates. So, in my case, I first run the script described in that link to change the permissions on the WP installation, then run the update manually, then run another script to reset the permissions.
    Last edited by SeijiSensei; July 19th, 2017 at 02:32 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  7. #17
    Join Date
    Sep 2014
    Beans
    352

    Re: Wordpress setup for blogging on my website

    I did not think about blacklisting on my site. I am going to get the UTM licenses for my 60E. The Fortinet 60E is a great firewall that does a lot of this in the UTM license.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •