2019-06-30 00:00:00

Security|Technologyblog|hosting|self-hosted|server|site|Wordpress

The do's and dont's when setting up a self-hosted Wordpress site

Installing a basic Wordpress system really is a straightforward task, but configuring it to survive unexpected technical problems and inevitable hacking attempts requires some planning.

If you have decided to get all the features that WordPress software has and perhaps tweak the system a bit, or you simply want to have total control over everything the Wordpress system does, you are going to have to find a web hosting service for your site. Finding a web hosting service is easy, but setting up and configuring your own web server needs some planning.

Wordpress has documented the main steps for moving from a Wordpress.com blog to a self hosted server. In this article, we focus on the key things you should do and not do when configuring your own system.

Tevya Washburn wrote a long blog post where he told the story of his Wordpress service business. After a number of years with persistent problems, he finally mastered Wordpress, and was able to list the key tasks to do when running multiple Wordpress sites. Since most people who are setting up a Wordpress for themselves or for a small business, need only one or two web sites, I have adopted Tevya Washburn's tips and made them relevant for someone who is starting his or her journey with self-hosted Wordpress.

There are plenty of web hosting companies that are specifically marketing Wordpress hosting. The best thing with them is that you usually get a system that has the basic installation already running: web server (usually Apache), Mysql or Maria database, and PHP. They are all required by Wordpress.

That's not all. Even before the Wordpress site is up and running, it is important to configure all the dependencies between system components so that you can avoid the single point of failure.

When you are running and administering your own web server, you will quickly find out that all kinds of things happen on the internet that cause problems for your site. It maybe a massive wave of spam email, an attempt to hack into your system, comment spam storm, or something else, but things happen 24/7 online.

man looking at program code on computer monitor. photo: Jefferson Santos

The do's and don'ts of Wordpress configurations

After running Typo3 and Drupal web servers, and now Wordpress sites, we have learned two key things:

  1. Avoid single point of failure and
  2. Secure your system from day one.

In concrete terms, this means that you should:

  • Get a cloud hosting service with WordPress-optimized configuration.
  • Set up separate Wordpress instance for each Wordpress site (don't use Wordpress Multisite feature).
  • If you are setting up multiple sites, consider spreading them across two or more servers.
  • Configure the DNS for your server with the registrar where you bought your domain name.
  • Whichever web hosting service and control panel you choose, learn common Linux commands (bash shell) well. You will need it. Especially, troubleshooting and monitoring what is going on in the system are common command prompt tasks. Creating small scripts that automate routine tasks is another reason for learning Linux commands.
  • Install a Linux firewall.
  • Install Wordpress security plugins that are relevant to your system.

Avoid these items in your Wordpress installation:

  • Don't use shared hosting or hosting that uses cPanel.
  • Don't use Wordpress Multisite feature.
  • Don't run an email server in the same system as Wordpress. Email server can be a resource hog, and it is another point of entry to the system.
  • Don't make your Wordpress installation available to the internet before basic security elements are in place.
  • Don't rely on your web hosting service backup alone (of course, this varies by hosting company - some services have excellent backup plans that can quickly recover from a disaster), but consider backing up your web data to another server where you can quickly recover it.

Wordpress security

We have been running a dedicated traffic monitoring/hacker blocking program on our Wordpress servers for awhile now. The program runs on Linux, and monitors traffic before it enters Wordpress. It is designed to scan for Wordpress-specific hacking attempts.

The statistics that the program collects are scary. Wordpress sites attract hackers like happy hikers attract mosquitoes.

Hackers tend to bombard Wordpress servers with attempts (top 3 on our sites):

  • to login as admin
  • to run a php program on the server
  • to get into the system via xmlrpc.php

This is just a brief introduction to security challenges that Wordpress sites have. Hopefully it is enough to convince everyone that securing a Wordpress server is essential. More information on how to actually do it can be found here.

News

2025-01-15 08:59:00

Not to mention travel – when real life experiences in a destination don’t match the expectations and everything that can go wrong, goes wrong. Well, that’s the beauty of #travel. #Europehttps://klaava.com/nitpickers-travel-journal-travel-lessons-learned-in-2024/


News

2025-01-11 13:25:00

A conclusion from the Traffic Scorecard 2024 results is it takes about double the time to drive along the streets of London (the most congested city in #Europe) than the streets of Munich, which is ranked the 21st most congested European city. #traffic #travelhttps://klaava.com/the-cities-in-europe-where-people-are-stuck-in-traffic-most-often/


A shop dedicated to tasty juice

2025-01-09 14:04:10

arihak

A shop dedicated to tasty juice


in the busy old town center.

2025-01-08 16:16:08

in the busy old town center.


News

2025-01-07 14:56:00

A reminder for keeping your data safe when traveling. Why? It is likely that you have to access your most critical data in risky situations on the road.https://cybernews.com/privacy/how-to-protect-your-sensitive-information-while-traveling/


News

2025-01-02 16:33:00

What about the scenery, you who are hurrying to the other side?#streetphotography#streetphoto


News

2025-01-01 16:06:00

According to a survey, third of travelers are victims of online booking scams. Since it is so convenient to make travel reservations online, that’s what we do. The problem is that we haven’t adopted new methods to avoid online scams. #travel #scamhttps://klaava.com/a-traveler-is-more-likely-to-get-scammed-when-booking-a-trip-than-being-robbed-in-a-destination/


Perhaps road builders had too much time?

2024-12-29 15:19:44

Perhaps road builders had too much time?


News

2024-12-27 18:25:00

#Photography is full of so-called “rules” that can feel overwhelming. However, some of these “rules” are downright myths.https://www.diyphotography.net/debunking-seven-common-myths-photographers-still-believe-in/


What should I read next?

2024-12-25 15:18:22

arihak

What should I read next?


News

2024-12-23 11:34:00

Since #EU #DMA has specified #Apple as a #gatekeeper in #mobile devices, EU considers Apple should implement several iOS connectivity features, predominantly used for and by connected devices. For instance, notifications, automatic Wi-Fi connection, AirPlay, AirDrop, or Bluetooth audio switching.https://digital-markets-act.ec.europa.eu/commission-seeks-feedback-measures-apple-should-take-ensure-interoperability-under-digital-markets-2024-12-19_en


News

2024-12-21 14:51:00

Smartphone users in the US are not impressed with the latest artificial intelligence features on their devices with 73 percent of Apple users and 87 percent of Samsung users unsatisfied, according to a new study. #phone #AIhttps://petapixel.com/2024/12/19/majority-of-smartphone-users-are-unimpressed-with-ai-features-study-finds/


There should be enough ice already to open the hotel

2024-12-20 16:40:17

There should be enough ice already to open the hotel


Hiking on a mountain experience: the end of an ancient tunnel

2024-12-09 14:12:31

arihak

Hiking on a mountain experience: the end of an ancient tunnel


on a hot summer day

2024-12-02 18:47:01

on a hot summer day


Cloudy day in a valley

2024-11-25 16:31:59

arihak

Cloudy day in a valley


In the shade of a lone palm tree

2024-11-25 15:46:29

In the shade of a lone palm tree


an abandoned town?

2024-11-07 18:35:22

an abandoned town?


A quiet moment between heavy rain

2024-10-24 17:34:45

A quiet moment between heavy rain


Everyone loves a pretty mountain scenery

2024-10-24 16:54:02

arihak

Everyone loves a pretty mountain scenery