In this post, I am gonna teach you how you can have a secure server using Cloudways
Cloudways is a panel that you can use to create a server to host all your WordPress sites.
I moved to Cloudways from WordPress.com more than two years ago and I have learned so many things to secure my site.
Now check my list of security measures to apply when using a Cloudways to create a server to host your WordPress sites
Table of Contents
Hide your Server IP with CloudFlare
I recommend CloudFlare to protect your server and WordPress sites.
When you add your domain to CloudFlare, CloudFlare will hide the IP so attackers have a hard time finding it.
If you want people on the internet know what your hosting provider is , CloudFlare will take care of that automatically for you.
This is what you see when you try to know who my hosting provider is.
Use CloudFlare Firewall Rules
If you are active person in WordPress, you will see people asking what the best security plugins are.
WordFence, Sucuri and Itheme Security are some of the most popular options.
I don’t recommend any security plugins because I protect my sites using custom CloudFlare Firewall rules.
I have already written about theme so you better take some time to look at my rules
Firewall Rules seems like something which is hard to do but it is not.
Limit DataBase,SFTP and SSH Access to IP’s you Trust
You probably don’t check any of this often but it is a measure that you can apply to protect your database, WordPress Core Files and SSH access.
You can do this by simply by choosing “Block all IP addresses, except those on the Whitelist.”
Then add your IP or don’t add any IP address unless you or your developers needs access to the database, WordPress installation, etc.
If I get a hold of your database, SSH or SFTP credentials, I won’t be able to connect unless my IP has been previously whitelisted
Backups on Cloudways are pretty cheap, so make them regularly so you can revert back to a previous state if your sites gets hacked or defaced.
Also consider making backups that you can save on a cloud service like Dropbox, Box, Drive etc.
I create backups using All in One WP Migration and store them on my Google Drive
Off-site backups are useful if your server is down and you want to restore your site in a different server.
Disable Access Application via IP
Another security measure that you can take by simply is to disable access to your application via IP
In default application, choose none.
This is what people on the internet will see when they try to access your sites via IP
Update Plugins and Themes Regularly
Another piece of advice for your site not to get compromised is to try to update your plugins, themes and WordPress Core Files regularly.
I usually update WordPress, my theme or plugins as soon as an update is released but I don’t understand people who don’t after a few have passed to make sure everything is alright with the update.
If your part of that group, make sure you check first if the update has to do with security fixes or not.
Choose the best theme and plugins so you don’t have to worry that much about security issues.
Take WordPress Security Seriously
At this point, everything is pretty much taken care of, cloudFlare Firewall Rules will handle most of the malicious activity if the rules are successfully implemented
Don’t make stupid mistakes like using nulled plugins or using your dog’s name as password.
Use LastPass, Bitwarden to create and save 30-character passwords.
If you write posts on public places, create an editor account for such purposes and use your admin account only when you really need to.
What about Bot Protection?
Bot Protection is basically Malcare, another security plugin out there.
I don’t use it. I think it is a good alternative in case you don’t want to use CloudFlare
If you have CloudFlare Firewall rules, CloudFlare is far more powerful than Bot Protection.
Cloudways has proven to be one of the best ways to create and protect your server.
I haven’t had any issues and when I have run into some problems was because I didn’t follow the part of the advice included in this post.