Building a fast and secure blog - Part 1
Alexandru Puiu
October 26, 2019

I find WordPress to be sufficient for my needs for a blog, so it’s my go-to for a really simple site or blog. If custom logic is needed, it’s a no-go, and it’s all the way custom based on what’s needed. “Right tech for the job.”

In this series I’ll show how to create a simple, fast and security-conscious blog.

Part 1: Hosting / installation

Part 2: Plugins, upgrading PHP, HTTP security headers

Part 3: Caching, WAF and Optimizations

Part 4: Monitoring and performance testing

Hosting / Installation

Azure, AWS and GCP have great free offerings for getting started, and a free tier that’s probably sufficient for small blogs. WordPress.com could be a good option as well. I prefer DigitalOcean in this case, because I have full control over the VM, it’s really cheap ($6/month), it’s a one-click deploy droplet, and really fast. DigitalOcean also monitors security bulletins and sends me relevant info on vulnerabilities, so I can patch anything that’s needed, and they handle backups seamlessly.

Sign up for an account at https://www.digitalocean.com/

Create droplet

In your dashboard, at the top right, click Create -> Droplets

Under Choose an image, switch to the Marketplace tab, scroll down to the end, and choose WordPress.

Choose a plan. Standard is usually good; scroll to the left and choose the $5/month plan (you can choose a higher one if you think you need it, but we’ll be caching a lot).

Next choose your datacenter region

Select additional options you need. I go with IPv6 and Monitoring

Choose your Authentication mode (SSH keys are more secure). Create a new SSH key with ssh-keygen or check out this guide on creating SSH Keys with PuTTY.

Scroll down to Add backups and Enable backups (costs an extra $1/month and well worth it)

Click Create Droplet

In a few seconds (around 30 seconds) you’ll be good to go and your blog will be up.

Click on the newly created droplet. You’ll see its IP address, and some info on allocated resources.

Click on Access -> Launch Console

Once you’ve logged in, the WordPress setup will start.

The script will ask you a bunch of questions and configure WordPress for you. Enter a domain name for your blog, enter your email address, and set up an admin account on WordPress (always use a different password than your DigitalOcean or VM account if you went with OTP instead of SSH).

Secure the blog with a Let’s Encrypt certificate. Basically, just follow the wizard until finished, and your WordPress should now be up and running.

Restart Apache

In the VM’s console run

service apache2 restart

Update your DNS server to point to your new blog

Buy a new domain (e.g. GoDaddy, Google Domains, Azure, etc.)

Go to DNS settings, and change the A records for @ and www to point to your VM’s IP address (it’s listed in the VM’s dashboard under IPv4).

Add Firewall Rules

Go to Networking -> Firewalls tab -> Create Firewall

Give it a friendly name

Under Inbound Rules, remove All IPv4 and All IPv6 and add your IP address(es). Then add HTTP and HTTPS and leave those open to all for now. Scroll down and, under Apply to Droplets, select your VM and click Create Firewall.
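As an added example (not from the original post or from DigitalOcean), this Python script audits an exported firewall definition against the rules above: only HTTP and HTTPS may be open to everyone, and anything else must be limited to your own addresses. The JSON field names (inbound_rules, protocol, ports, sources.addresses) are assumed to follow the shape of a DigitalOcean API firewall object, and the sample firewall is constructed.

```python
import ipaddress
import json

PUBLIC_PORTS = {80, 443}  # HTTP and HTTPS, the only ports the post leaves open to all

# Constructed sample; field names are assumed to follow the shape of a
# DigitalOcean API firewall object. 203.0.113.7 is a documentation address.
SAMPLE_FIREWALL = json.loads("""
{"name": "blog-fw", "inbound_rules": [
  {"protocol": "tcp", "ports": "22",   "sources": {"addresses": ["203.0.113.7"]}},
  {"protocol": "tcp", "ports": "80",   "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
  {"protocol": "tcp", "ports": "443",  "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
  {"protocol": "tcp", "ports": "3306", "sources": {"addresses": ["0.0.0.0/0"]}}
]}
""")


def port_range(spec):
    """Turn "22", "8000-9000", "0" or "all" into an inclusive (low, high) pair."""
    if spec in ("0", "all"):  # assumed to mean every port
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def is_open_to_all(address):
    """True when a source entry covers the whole IPv4 or IPv6 internet."""
    return ipaddress.ip_network(address, strict=False).prefixlen == 0


def audit_inbound(firewall):
    """Return (protocol, ports, source) for rules open to all on non-web ports."""
    findings = []
    for rule in firewall.get("inbound_rules", []):
        ports = rule.get("ports", "0")
        low, high = port_range(ports)
        if rule.get("protocol") == "tcp" and low == high and low in PUBLIC_PORTS:
            continue  # a single web port may stay public
        for source in rule.get("sources", {}).get("addresses", []):
            if is_open_to_all(source):
                findings.append((rule.get("protocol"), ports, source))
    return findings


if __name__ == "__main__":
    for protocol, ports, source in audit_inbound(SAMPLE_FIREWALL):
        print(f"inbound {protocol}/{ports} is open to {source}; restrict it to your own IPs")
```

In the constructed sample, the SSH rule passes because it is limited to one address, while the rule for port 3306 is reported.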
