The best WordPress security is the one you implement without installing plugins. 🙂
OS level security can protect WordPress better than any plugin.
ModSecurity runs before the request hits PHP, which means a blocked request never reaches WordPress; WordPress will not even know that anything happened.
- VPS (I host my website on GCP – Ubuntu 18.04 LTS, running CyberPanel which is based on OpenLiteSpeed)
- SSH access
- glass of water (in case you get thirsty)
CyberPanel provides everything you need out of the box. All you need is to ‘activate’ security features.
- To protect your website(s), first install and enable the CSF firewall.
- Then install and activate ModSecurity,
- and finally enable the OWASP ModSecurity rules pack.
If CSF shuts itself off every time you refresh or revisit its settings, I suggest reinstalling it: just click ‘completely remove’ and then ‘install’ again.
After you make sure everything works, visit “ConfigServer Services”, which can be found all the way down in the main navigation pane. From there you have all the options to configure and control what is happening on your server, security-wise.
You also get a list of recommended security steps to make your server and website even safer. One of them is very important: adjust the SYSLOG_CHECK option and set it to, for example, 600. You can do that through the pane mentioned above. After you enter the number, hit ‘Enter’; you will be asked to restart CSF. Do that!
After that you should create a swap file. Swap is super important for server stability. To do that, just follow this set of commands.
Type the following command to create a 3 GB swap file (3072 MB × 1024 = 3145728 blocks of 1024 bytes):
dd if=/dev/zero of=/swapfile1 bs=1024 count=3145728
The output should look something like this:
3145728+0 records in
3145728+0 records out
3221225472 bytes (3.2 GB, 3.0 GiB) copied, 81.4183 s, 39.6 MB/s
Then we must secure this file. The following commands make sure that only the root user can read and write to it:
chown root:root /swapfile1
chmod 0600 /swapfile1
Set up a Linux swap area in a file:
Setting up swapspace version 1, size = 3 GiB (3221221376 bytes)
no label, UUID=3b006f27-9ba4-497e-b6de-a798d1c4f7f2
To activate /swapfile1 swap space immediately, enter this:
To activate /swapfile1 after a system reboot, add an entry to the /etc/fstab file. Open this file using a text editor such as nano:
Once the file is open, add this line at the bottom:
/swapfile1 none swap sw 0 0
Press Ctrl + X, then Y, and then hit ‘Enter’ to save the file.
The next time your server restarts, it will enable the new swap file automatically.
To verify the swap is working:
total used free shared buff/cache available
Mem: 1687 522 167 33 997 955
Swap: 3071 0 3071
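
The swap-file procedure above as one idempotent script, added here as an example and not part of the original post: it creates the file private from the first byte, checks mode and ownership before enabling it, and adds the /etc/fstab line only once. It assumes GNU coreutils (`stat -c`, `dd bs=1M`) and util-linux (`mkswap`, `swapon`); the function names and the `--apply` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): the swap-file steps as an
# idempotent script with permission and fstab checks.
# Assumes GNU coreutils (stat -c) and util-linux (mkswap, swapon).
set -u

# Succeeds only if FILE ($1) is mode 600 and owned by UID ($2, default 0 = root).
swapfile_is_private() {
    [ "$(stat -c '%a %u' "$1" 2>/dev/null)" = "600 ${2:-0}" ]
}

# Succeeds if FSTAB ($1) already has a non-comment swap entry for FILE ($2).
fstab_has_entry() {
    awk -v f="$2" '$1 == f && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# Appends the entry from the post once; a second run changes nothing.
ensure_fstab_entry() {
    fstab_has_entry "$1" "$2" || printf '%s none swap sw 0 0\n' "$2" >> "$1"
}

# Creates, secures and enables the swap file (needs root).
create_swap() {
    file=$1
    size_mb=$2
    # Refuse to overwrite an existing file (it may be an active swap area).
    if [ -e "$file" ]; then
        echo "$file already exists, refusing to overwrite" >&2
        return 1
    fi
    # umask 077 makes the file private while dd is still writing it.
    ( umask 077 && dd if=/dev/zero of="$file" bs=1M count="$size_mb" ) || return 1
    chown root:root "$file" && chmod 0600 "$file" || return 1
    # Do not enable swap on a file other users could read or write.
    swapfile_is_private "$file" || return 1
    mkswap "$file" && swapon "$file"
}

# Run the whole procedure only when asked: sh swap.sh --apply
if [ "${1:-}" = "--apply" ]; then
    create_swap /swapfile1 3072 &&
        ensure_fstab_entry /etc/fstab /swapfile1 &&
        free -m
fi
```

Run without arguments, the script only defines the functions, so `swapfile_is_private /swapfile1` can also be used on its own to audit an existing server.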