- Edited
This post is for informational purpose. There are different levels of website security.
- Domain Level - DNS Provider.
-DnS Level Security. Cloudflare Free DNS.
-Cloudflare Certificate - replace letsencrypt
-Cloudflare Zero Trust - replace fail2ban, protect wp-admin brute force.
-Cloudflare Ddos protection - replace fail2ban
-Cloudflare Bots Protection - replace nginx bad bot blocker.
-Cloudflare WAF - create security rules.
- Network Level - Hosting Provider.
-Use Network firewall provided by VPS hosting - Replace UFW firewall.
- Server Level - OS, Web server, System.
-SSH port change, SSH key access, limit root access, file & folder permissions, update Linux, update wordops stack. Disable wordops backend Auth. Install only required tools & utilities.
- Application security- Wordpress.
-Update Wordpress, minimum use of plugins, follow best security practices.
Following these guidelines will not only release extra resources from VPS but this will optimize server operations.
