Part 1. Theory
The goal of this learning path is to give you a clear path forward for securing all the websites that you host on your vCanopy provisioned servers. Before you begin locking down your sites though, here are two articles that will help provide an overview of the bigger WordPress security picture.
The first is focused on the threats and how vCanopy’s security options help guard you against them. The second is a real world case study on locking down two websites where security was a very high priority.
1. THE OWASP TOP 10 AND vCanopy WORDPRESS SECURITY OPTIONS
2. CASE STUDY: SECURING MULTIPLE BANKING WEBSITES BUILT ON WORDPRESS
Part 2. vCanopy Security Overview
Security is at the heart of everything we do here at vCanopy, and we have some very cool features that you can use to secure each and every one of your websites. The two articles below offer an overview of what vCanopy secures “out of the box”, and then the options that you can configure on a per website basis.
1. vCanopy DEFAULT SECURITY AND ADDITIONAL OPTIONS
2. SECURE YOUR WORDPRESS WEBSITES: AN OVERVIEW OF THE SECURITY TAB
Part 3. Securing Your Websites
At this point we’ve taken a look at the theory and the options vCanopy offers for securing your websites. Now let’s use them to start locking your sites down.
Below we’ll take a look at the 7G WAF (we also offer ModSecurity as well, but we generally recommend using that only for enterprise type sites), Fail2Ban, and our server level WordPress hardening options.
2. CONFIGURING FAIL2BAN TO PREVENT BRUTE FORCE ATTACKS
3. WORDPRESS WEBSITE HARDENING FOR NGINX AND OPENLITESPEED (OLS)
Congratulations!
If you’ve implemented a WAF, WPFail2Ban, and our WordPress hardening options then you have locked your websites down tight.
Part 4. Security Beyond vCanopy
With all of the vCanopy security measures now in place, your sites are locked down tight. Thousands of websites on vCanopy use only these measures to keep secure, but if you want to go the extra mile, here are a few bonus options to consider.
1. CLOUDFLARE FIREWALL RULES FOR SECURING WORDPRESS WEBSITES
2. CONNECTING FAIL2BAN TO CLOUDFLARE
3. SECURITY PLUGINS: TO USE THEM OR NOT TO USE THEM?
Part 5. Additional Reading
WordPress security is a big topic. We have an entire section of our knowledge base dedicated to the topic that you can check out here: Knowledge Base: Security.
Below are a few the highlights from that archive.