In this post, I am gonna teach you how you can have a secure server using Cloudways
Cloudways is a panel that you can use to create a server to host all your WordPress sites.
I moved to Cloudways from WordPress.com more than two years ago and I have learned so many things to secure my site.
If you are thinking about moving your sites to Cloudways, support RevistaWP by clicking the button below
Now check my list of security measures to apply when using a Cloudways to create a server to host your WordPress sites
Table of Contents
Hide your Server IP with CloudFlare
I recommend CloudFlare to protect your server and WordPress sites.
When you add your domain to CloudFlare, CloudFlare with hide the IP so attackers have a hard time finding it.
If you want people on the internet know what your hosting provider is , CloudFlare will take that automatically for you.
This is what you see when you try to know who my hosting provider is.
Use CloudFlare Firewall Rules
If you are active person in WordPress, you will see people asking what the best security plugins are.
WordFence, Sucuri and Itheme Security are some of the most popular options.
I don’t recommend any security plugins, I protect my sites using CloudFlare rule.
I have already written about theme so you better take some time to look at my rules
Firewall Rules seems like something which is hard to do but it is not.
Limit DataBase,SFTP and SSH Access to IP’s you Trust
You probably don’t check any of this often but it is a measure that you can apply to protect your database, WordPress Core Files and remote access
You can do this by simply by choosing “Block all IP addresses, except those on the Whitelist.”
Then add your IP
If I get your database, SSH or SFTP credentials, I won’t be able to connect unless my IP has been whitelisted.
Backups on Cloudways are pretty cheap so make them regularly so you can revert back to a previous state if your sites gets hacked or defaced.
Also consider making backups that you can save on a cloud service like Dropbox, Box, Drive etc
I create backups using All in One WP Migration and store on my Drive
Off-site backups are useful if your server is down and you want to restore your site in a different server.
Disable Access Application via IP
Another security measure that you can take by simply is to disable access to your application via IP
In default application, choose none.
This is what people on the internet will see when they try to access your sites via IP
Update Plugins and Themes Regularly
Another piece of advice for your site not to get compromised is to try to update your site regularly.
I don’t update as soon as the theme or plugin developer releases an update unless if the update has to do with security concern.
Choose the best theme and plugins so you don’t have to worry that much about security issues.
At this point, everything is pretty much taken care of, cloudFlare Firewall Rules will handle most of the malicious activity if the rules are successfully implemented
Don’t make stupid mistakes like using nulled plugins or using your dog’s name as password.
Use LastPass to create and save 30-character passwords.
If you write posts on public places, create an editor account for such purpose and use your admin account when you really need to.
What about Bot Protection?
Bot Protection is basically Malcare, another security plugin out there.
I don’t use it. I think it is a good alternative in case you don’t want to use CloudFlare
If you have CloudFlare. CloudFlare is far more powerful than Bot Protection.
Cloudways has proven to be one of the best ways to create and protect your server.
I haven’t had any issues and when I have run into some problems was because I didn’t follow the advice included in this post.