Hello mdoooooot,
About UFW, WordOps install script check:
- if UFW is already enabled -> cancel ufw config
- if there is no SSH port detected in /etc/ssh/sshd_config -> cancel ufw config
Then it allow SSH port (defaut and custom if detected), http, https, 22222 and ntp.
So, let me know if there are other checks to perform to avoid configuring UFW during install (it can be another firewall config path or executable, or anything else which can cause trouble), and I will add them into the next release.
This way, you will not have to use an extra flag with WordOps install command, and it will still harden security of servers running without any firewall