Building a fast and secure blog – Part 4

8 min read

Scanning

The most important things in security and performance, more than anything else I’d say is: measure, measure, measure, and when you have all the info, set up automatic measuring and alerts. We’ve already set up scanning for some basic things like malware, but there’s a lot more to scan for.

SSL / Encryption settings / strength

https://www.ssllabs.com/ssltest/

SSL Server Test from Qualys will test the SSL/TLS configuration of your website, and provide you a lot of details about your encryption capabilities, known vulnerabilities and identify misconfigurations. Using the settings configured so far, your grade should be A+, but that can change as new threats are discovered, so you should check this regularly.

Building a fast and secure blog – Part 3

9 min read

Setting up Cloudflare

Sign up for a free account at https://www.cloudflare.com/.

Upgrading to Pro has some definite benefits

Add your site

As soon as you log in, you have the option of adding your first site

Verify your DNS records

At the next step it will try to detect and import all your existing DNS records. You’ll next be changing your nameservers to use Cloudflare’s nameservers, so make sure all your DNS records are present. There is an option to avoid this if the situation really requires it, and proceed with CNAME records, but you’ll have to reach out to Cloudflare support to discuss those options.

Building a fast and secure blog – Part 1

4 min read I find wordpress to be sufficient for my needs for a blog, so it’s my go-to for a really simple site or blog. If custom logic is needed, it’s a no-go, and it’s all the way custom based on what’s needed. “Right tech for the job.”

In this series I’ll show how to create a simple, fast and security-conscious blog.

Part 1: Hosting / installation

Part 2: Plugins, upgrading PHP, HTTP security headers

Part 3: Caching, WAF and Optimizations

Part 4: Monitoring and performance testing

Hosting / Installation

Azure, AWS and GCP have great free offerings for getting started, and free-tier that’s probably sufficient for small blogs. Wordpress.com could be a good option as well. I prefer Digital Ocean in this case, because I have full control over the VM, it’s really cheap ($6/month), it’s a one-click deploy droplet, and really fast. Digital Ocean also monitors security bulletins and sends me relevant info on vulnerabilities, so I can patch anything that’s needed, and they handle backups seamlessly.