Developing Authority
June 2018

Setting up a WordPress Blog with Digital Ocean

joshmorony

One of the biggest obstacles to starting a blog is actually getting the blog online. I don’t think you should let this stop you from writing. In fact, I would recommend just writing a few test blog posts in your favourite word processor before even bothering to put them online.

However, you will eventually want a website that people can go to and view your blog posts, and this step can take a bit of effort. You can use a blogging platform that handles setting up everything for you (which will make this step a bit easier), but it is important that you “own” your traffic and users. What I mean by this is that you should use your own domain name and have the ability to move your site to another host if you wish. If readers are able to subscribe via email to your content, you should own that email list, not a 3rd party. This way, you can move your audience wherever you want, rather than being locked into a specific platform.

It might seem like a good option to just start with something like:

joshmorony.somebloggingplatform.com

and publish your posts there, with the intention of later moving on to your own website. But you don’t want to start building up traffic and momentum and then lose a lot of that. Typically I’m a fan of the just get started approach, but I think setting up your blog is something you should sink a bit of time into.

In this guide, we are going to walk through configuring and securing a new blogging website using WordPress on a self-hosted Ubuntu server. The cost for this setup will vary depending on exactly how you want to set everything up, but it will start at $5/mo for the server, plus the cost of the domain name.

If you’ve been thinking about setting up your blog and can afford it, just follow along with this guide and do it. It will probably take about 30-60 minutes to work through everything in this guide.

Setting up WordPress on Digital Ocean

Since I prefer to have complete control over my websites, I use Virtual Private Servers (VPS) through companies like Digital Ocean or Linode to host the website. A VPS, in effect, gives you your own server to control where you can install whatever you want, configure it however you want, etc. This is different to shared hosting solutions where you share resources with other people and are generally limited in what you are allowed to do.

Because Digital Ocean has a One-Click App available for WordPress, it is actually quite easy to set up. This means that rather than having to do most of the server configuration yourself, Digital Ocean will just pre-configure most things for you. The server will automatically set up everything needed to run a WordPress install, e.g. Apache, PHP, and MYSQL.

This still does require a certain level of technical knowledge. Since Developing Authority is targeted at technical bloggers I think this will be an appropriate approach for a lot of people reading this. If you are not all that comfortable with editing code and running commands, then this approach might not be a good fit for you.

Since there is not much you need to do after the initial set up, just being able to Google things and run commands on your server should be enough to get by. It will help to be at least somewhat familiar with basic Linux commands like ls, cd, and nano.

The downside of this approach is that since you control everything, you are also responsible for everything. You will need to make sure to patch the server every once in a while with updates, you will need to make sure you aren’t introducing security vulnerabilities, and if your server goes down you will need to figure out why (generally, the hosting company will give you some help here).

It might sound a little scary if you’re not used to managing your own server, but there isn’t that much you need to know, and you’ll be spending very little time messing around with the server once the initial set up is done. It’s also a valuable learning experience.

1. Sign up to Digital Ocean

You will first need to create an account with Digital Ocean. This is my affiliate link, so if you sign up after clicking this link you will get $10 worth of credit added to your account, and I will get $25 in credit if you continue to use the service.

2. Setting up a Droplet on Digital Ocean

Once you have created your account you will need to create a Droplet (a.k.a. your Virtual Private Server). You can do this by clicking the Create button in your account and choosing Droplets.

You will then be asked to choose an image – this determines what operating system and software will be added to your droplet. Rather than configuring our own server, we are going to use the One-click app for WordPress. Click ‘One-click apps’ and then choose the WordPress option:

[Image: WordPress One-Click App in Digital Ocean]

Next, you will need to choose a size. You can just start out with the cheapest standard droplet because you can always resize later if necessary:

[Image: Digital Ocean Droplet Size Select]

Then you will need to select a data center. You can just accept the default if you like, or you can choose a data center closer to where you think most of your readers will be:

[Image: Digital Ocean Data Center Select]

Under Select additional options you should at least enable Backups (this will cost 20% extra) and IPv6. You should also add your SSH public key so that you can log into your server without a password. If you do not already have a private/public key pair, there are some instructions in this post. You do not have to follow all of the instructions in that post, you only need to perform the steps up until the point where you have added your public key to Digital Ocean.

You can log into your server with a password instead of an SSH key, but it is not recommended.

[Image: Digital Ocean additional options]

Finally, you will need to set a hostname and click Create:

[Image: Digital Ocean Create Droplet]

Once the droplet has been created, you will be able to see a list of all of your droplets and their IP addresses (which you can use to view your website, or SSH into the server).

3. Add a Domain Name

At this point, you can already access your website directly via its IP Address, but this is a good time to set up the domain name. This will allow people to access your website more easily, and it will also allow you to set up an SSL certificate a little later in this guide.

You can register a domain name with whatever registrar you like, I usually use Gandi.net. Once you have registered the domain name, you will need to point its name servers to:

ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com

This will point the domain name to Digital Ocean, but you still need to attach it to your droplet. To attach a domain name, you will need to click on the Networking tab in the Digital Ocean interface.

[Image: Digital Ocean Setting up Domain Name]

You will need to supply your domain name and associate it with the Droplet you created. Make sure that you have an A record that points to your droplet’s IP Address, and an AAAA record that points to your droplet’s IPv6 Address.

Keep in mind that it can take some time for the DNS records to propagate, but after a little while, you should be able to access your website by going to:

mydomain.com

instead of having to use the IP address.

4. Configure WordPress

If you go to the IP address for your droplet, or the domain name if you have set that up already, you will see a page like this:

[Image: Digital Ocean WordPress Setup Splash Page]

In order to properly configure WordPress, we need to SSH into our server. You can do that using the following commands:

ssh root@IP_ADDRESS_OF_DROPLET

or

ssh root@mydomain.com

For the rest of this guide, I will use mydomain.com as an example. When you first log in, you will see a couple of important bits of information:

The "ufw" firewall is enabled. All ports except for 22, 80, and 443 are BLOCKED.
To secure your WordPress installation, fail2ban has been configured and the
WordPress fail2ban plugin is a site enforce module in. If you do not want to use this
plugin, remove /var/www/html/wp-content/mu-plugins/fail2ban.

One of the big benefits of using Digital Ocean’s One-click apps is that we get a bunch of stuff like this done for free. We don’t need to mess around with creating a firewall or setting up fail2ban because it is already done for us.
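The fail2ban setup that the One-click image ships watches for repeated login attempts and blocks the source address after too many of them. To show what that kind of detection keys on, here is a simplified stand-alone version as an added example (my own code, not from the post, Digital Ocean or fail2ban): it scans Apache access log lines for POST requests to wp-login.php, counts them per client IP and reports any address over a threshold. The log lines and the IP addresses in it are constructed samples from the documentation ranges.

```shell
# Added example: count POST requests to wp-login.php per client IP in
# Apache "combined"-format access log lines and report IPs over a threshold.
# SAMPLE_LOG is a constructed sample (documentation-range IPs, not real traffic).
SAMPLE_LOG='203.0.113.10 - - [12/Jun/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2018:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2018:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2018:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2018:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Jun/2018:10:02:00 +0000] "GET /2018/06/hello-world/ HTTP/1.1" 200 9800 "-" "Mozilla/5.0"'

# login_abusers MAX
# Reads access log lines on stdin and prints "count ip" for every client IP
# that POSTed to wp-login.php more than MAX times. Every POST is counted,
# whether the login succeeded (302) or failed (200), so a legitimate user who
# mistypes a password a few times stays below a sensible threshold.
login_abusers() {
    awk -v max="$1" '
        # $1 is the client IP, $6 the quoted method ("POST), $7 the request path
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > max) print hits[ip], ip }
    '
}

# demo_abusers MAX: run the scan over the constructed sample above
demo_abusers() {
    printf '%s\n' "$SAMPLE_LOG" | login_abusers "$1"
}

# On a real server this would be: login_abusers 20 < /var/log/apache2/access.log
demo_abusers 5
```

With a threshold of 5 the sample yields a single line, "6 203.0.113.10"; the second address only posted once and is not reported. This is a one-shot count over a whole file, whereas fail2ban applies a time window and acts on the result, but the signal it is looking for is the same.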

You are encouraged to run mysql_secure_installation to ready your server for
production. The passwords for MySQL and the WordPress users have been saved to:
/root/.digitalocean_password

Since everything is set up for us, Digital Ocean needs to supply us with the passwords that were used during this process. You will need these to proceed through the setup process.

To grab those passwords, just run:

tail -f /root/.digitalocean_password

Make a note of these, and then run (after terminating the previous command with Ctrl + C):

mysql_secure_installation

This will run you through a series of prompts to help secure your MySQL installation. You should just answer yes to most things.

At this point, we are finished with the server (for now). If you go back to mydomain.com now, you will be greeted with the WordPress configuration screen:

[Image: WordPress Configuration Screen]

Make your way through the prompts again to finish setting up WordPress. At the end, you will be prompted to log in, but…

DO NOT LOG IN UNLESS THE SITE IS CONFIGURED TO USE HTTPS.

I know you probably want to dive in right now, but we need to do a few more things first. If you log into your website over an insecure connection (i.e. http not https) then your password could be exposed. If someone were listening in on your network, they could potentially sniff out your password and your WordPress installation would be compromised right from the beginning.

So, before we go any further we are going to perform some more security upgrades, and configure an SSL certificate. Before we do that, you can still go to mydomain.com and you will be able to see your WordPress blog up and running! You can get back to the admin interface at any time by going to:

mydomain.com/wp-admin

But again, don’t log in until you have an SSL certificate configured and are logging in over https.

5. Secure Your Server

There are a few extra steps we can take to make our server a little more secure. We are going to start off by creating a sudo user and disabling the root user login. Instead of logging in as the root user, we will log in as a new user that we create, and if we need root privileges to run a particular command we can just run:

sudo <the command>

To create a sudo user, I would recommend following this tutorial.

Once you have created that user, you will also want to be able to log in using the SSH key (you can just use the same SSH public key as before). To allow this new user to log in with that key, you will need to add it to the list of authorized_keys under that user. To do that, you should follow the steps listed in this comment:

NOTE: Make sure to replace USERNAME with the username of the user you just created in all of the commands below. If you used the su command previously to switch to the new user you created, type exit before running these commands.

Create an .ssh folder:

mkdir -p /home/USERNAME/.ssh

Create an authorized_keys file:

touch /home/USERNAME/.ssh/authorized_keys

Set ownership of all files in the users folder to the user:

chown -R USERNAME:USERNAME /home/USERNAME/

Set ownership of the users folder to root:

chown root:root /home/USERNAME

Set the permissions of the .ssh folder

chmod 700 /home/USERNAME/.ssh

Set the permissions of the authorized_keys file

chmod 644 /home/USERNAME/.ssh/authorized_keys

Add the public key to the authorized_keys file:

nano /home/USERNAME/.ssh/authorized_keys

You will need to hit Ctrl + X and then type y in order to exit and save the file. You should now log out of SSH completely (by typing exit), and attempt to SSH in with your new user:

ssh USERNAME@mydomain.com

Once you can successfully access your server through SSH with your new sudo user, you should disable the root login. You can disable the root login by modifying the following file:

sudo nano /etc/ssh/sshd_config

and changing PermitRootLogin to no:

PermitRootLogin no

Once you have made this change and saved the file, you should restart the SSH service:

sudo service ssh restart

You should now exit your SSH session and confirm that you can no longer log in with the root account, but that you still can with your new sudo user account.
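Editing sshd_config by hand works, but it is easy to leave a second, commented-out copy of a directive behind or to append a duplicate that sshd then ignores (it honours the first occurrence). The following shell functions are an added example, not from the post or from Digital Ocean's image: set_sshd_option rewrites or appends a directive idempotently, effective_value reads back what sshd will actually use, and root_login_disabled is the check for this step. The demo runs on a scratch copy with a constructed excerpt rather than on /etc/ssh/sshd_config; it also sets PasswordAuthentication to no, which goes one step past the post (it enforces the key-only login recommended earlier) and should only be done once your key login works.

```shell
# Added example: idempotent sshd_config editing plus a check for the result.

# set_sshd_option FILE KEY VALUE
# Replaces the first line that sets KEY (active, or commented out with '#'),
# or appends "KEY VALUE" if no such line exists. sshd uses the first
# occurrence of a directive, so one active line at that position is enough.
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    awk -v key="$key" -v value="$value" '
        !done && $0 ~ ("^[ \t]*#?[ \t]*" key "([ \t]|$)") {
            print key " " value; done = 1; next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# effective_value FILE KEY -> prints the value sshd will use (first active line)
effective_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# root_login_disabled FILE -> succeeds only if PermitRootLogin is "no"
root_login_disabled() {
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ]
}

# Demo on a scratch copy. The contents are a constructed excerpt, not a real
# server's file; on the droplet you would point the functions at
# /etc/ssh/sshd_config instead (with sudo).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
EOF

if root_login_disabled "$demo_dir/sshd_config"; then
    echo "root login already disabled"
else
    echo "root login still enabled, hardening now"
fi
set_sshd_option "$demo_dir/sshd_config" PermitRootLogin no
set_sshd_option "$demo_dir/sshd_config" PasswordAuthentication no   # key-only logins
cat "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

On the real server, keep your current SSH session open while you do this, back the file up first (sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak), run sudo sshd -t to have sshd validate the edited file before you restart it, and only close the old session once a fresh login with the new user succeeds; if anything goes wrong, the Digital Ocean console still gets you in.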

6. Secure WordPress

There are also some additional steps you can take to further secure your WordPress installation. You can make these changes by editing files through SSH, or you can download a program like CyberDuck if you prefer a GUI approach.

I would recommend reading this guide for recommendations on securing WordPress. At a minimum, I would recommend making the suggested changes to:

7. Configure an SSL Certificate

Installing an SSL certificate will allow your site to work over https. This not only makes communication to and from the server secure, it should also help improve your rankings with Google.

We will be using Let’s Encrypt/Certbot to set up the certificate. This is free and super easy to use (in comparison to installing the certificate manually, at least). In order to configure an SSL certificate, you will need to have already set up a domain name.

You can follow this tutorial to set up your SSL certificate using Certbot.

Once you have finished setting up your SSL certificate, you should be able to go to:

https://mydomain.com/wp-admin

and log in securely. However, make sure that https is in the URL. By default, your site will be available both through http and https, so it is still possible to communicate insecurely with the server even if you have an SSL certificate installed. The suggested Cloudflare implementation in the next step will reroute all http traffic to https.
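If you skip Cloudflare, the redirect has to live on the server itself. Since the One-click image serves WordPress through Apache, an added example (my own, not from the post, Digital Ocean or Certbot) follows: render_redirect_vhost prints a port-80 virtual host that sends every request to the https site, and check_redirect parses the response headers of a test request and confirms that the status is a permanent redirect and that the Location points at https on your domain, which catches the common mistakes of redirecting to http again or to the wrong host. The domain and the response headers are constructed examples.

```shell
# Added example: an Apache http->https redirect vhost and a check for it.

# render_redirect_vhost DOMAIN -> prints an Apache :80 vhost that redirects to https.
# Assumed layout: this goes in /etc/apache2/sites-available/ and the https
# site for DOMAIN is configured separately (e.g. by Certbot's Apache plugin).
render_redirect_vhost() {
    domain="$1"
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    ServerAlias www.$domain
    # 301 every path to the https site; Apache appends the requested path
    Redirect permanent / https://$domain/
</VirtualHost>
EOF
}

# check_redirect DOMAIN  (reads HTTP response headers on stdin)
# Succeeds only if the status is 301 or 308 and Location starts with
# https://DOMAIN/ ; anything else (200, http:// Location, other host) fails.
check_redirect() {
    awk -v domain="$1" '
        NR == 1 { status = $2 }
        tolower($1) == "location:" { loc = $2; sub(/\r$/, "", loc) }
        END {
            ok = (status == "301" || status == "308") && index(loc, "https://" domain "/") == 1
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample responses (what curl -sI would print), not real captures.
GOOD_RESPONSE='HTTP/1.1 301 Moved Permanently
Location: https://mydomain.com/wp-admin
Content-Length: 0'
BAD_RESPONSE='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8'

demo_good() { printf '%s\n' "$GOOD_RESPONSE" | check_redirect mydomain.com; }
demo_bad()  { printf '%s\n' "$BAD_RESPONSE"  | check_redirect mydomain.com; }

render_redirect_vhost mydomain.com
if demo_good; then echo "sample 1: redirect OK"; fi
if demo_bad;  then echo "sample 2: redirect OK"; else echo "sample 2: NOT redirected to https"; fi
```

On the droplet the flow would be: write the rendered vhost to a file under /etc/apache2/sites-available/, enable it with sudo a2ensite, run sudo apachectl configtest, reload Apache with sudo service apache2 reload, and then verify from your own machine with curl -sI http://mydomain.com/wp-admin | check_redirect mydomain.com. Certbot's Apache plugin can also offer to add this redirect for you when it installs the certificate; either way, run the check afterwards. Remember to set the WordPress Address and Site Address in the WordPress settings to the https URL as well, otherwise WordPress itself will keep generating http links.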

8. Set up Cloudflare (optional)

Cloudflare is a CDN (Content Delivery Network) that can give your site a massive speed boost, pretty much for free. Cloudflare sits between your server and your visitors and can help cache and deliver resources faster than your server could. It also keeps a lot of stress off of your server because many of the requests never even reach your server. I believe everything that we will be doing in this example only requires Cloudflare’s free tier.

Cloudflare also has a useful Page Rules feature that we can use to reroute all HTTP traffic to HTTPS. If you choose not to use Cloudflare, you should implement some other method for rerouting all HTTP traffic to HTTPS.

If you would like to use Cloudflare, you can create an account here and set up your website. You will need to make some DNS changes in order to set everything up – just follow their instructions.

Once everything is set up, you can configure the caching settings however you like. Once you’ve had a poke around, make your way to the Page Rules tab, and add the following rules (the order is important):

[Image: Cloudflare Page Rules]

Page rules allow you to set specific settings for specific URLs. The first rule says that if we are anywhere in the admin interface for WordPress, we want to disable caching (because it is annoying to have your admin panel cached when you are constantly making changes). The second rule says that any time an http URL is requested, to redirect the traffic to use https instead. The third rule supplies the desired settings for every other URL.

9. Install WordPress Plugins

We’re almost there! All of the set up is done at this point, so now it is just a matter of managing the WordPress installation itself. At this point, you should be able to log in, mess with your layout, start publishing posts, and so on.

However, I would recommend taking some time to install a few important plugins. You should always be careful with plugins that you install – some people end up installing a ton of plugins and never delete them. This can degrade the performance of your site, and it can introduce security vulnerabilities. Only install plugins you need, delete them when you don’t need them, and only use trusted plugins.

There are a few WordPress plugins I would recommend for a new WordPress install:

Out of all of these, I’d strongly suggest you install Wordfence Security. You may be surprised at how many attempts there are daily to try and compromise your site, and Wordfence can help block these. With good security, these attempted attacks shouldn’t be able to actually achieve anything, but it’s good to be able to block them anyway. Wordfence also allows you to run “scans” that check for common exploits/vulnerabilities.

Even if you have great security practices, you can never be 100% secure, so make sure you keep good backups in case the worst ever does happen.

What Next?

If you’ve never managed a blog before, you will end up finding that it is just a constant development process – there is always going to be things you want to change or improve. I could go on with more recommendations, but I had to stop this post at some point. However, there are a few more things that are worth setting up sooner rather than later that I would encourage you to look into:

You should also make sure to SSH into your server and run sudo apt-get update and then sudo apt-get upgrade once in a while to apply the latest patches.

Now that you have your own blog, go forth and write content!