5 Best-Practices For New Servers Built On WPCloudDeploy

After you deploy a server using WPCloudDeploy you have multiple options to help protect it and keep it running properly.

1. Turn On Malware Scanning & Detection

Before you do anything with your new server, you probably want to check the reputation of the IP address it was assigned. Many IP addresses can be placed on “blacklists” for activity that occurred years prior – if your new server’s IP is one of those it can cause all kinds of future issues.

You can check the IP reputation using a site such as this one: https://www.virustotal.com/gui/home/url

If it turns out your new IP is on a blacklist, you’re probably better off trashing the server and recreating a new one with a new IP – it will save you lots of headaches in the long run.
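The same reputation question can be asked from a terminal with a DNS blocklist (DNSBL) lookup, which is how mail servers consult these lists. This is an added example, not part of the original article or of WPCloudDeploy; the zone zen.spamhaus.org and the documentation address 203.0.113.7 are assumptions, and the live lookup needs dig.

```shell
#!/bin/sh
# Added example. The zone and the address in the usage line are assumptions.

# Build the DNSBL query name: IPv4 octets reversed, then the list's zone.
dnsbl_query_name() (
    ip=$1; zone=$2
    IFS=. read -r a b c d extra <<EOF
$ip
EOF
    [ -z "$extra" ] || exit 1
    for octet in "$a" "$b" "$c" "$d"; do
        case $octet in ''|*[!0-9]*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.%s\n' "$d" "$c" "$b" "$a" "$zone"
)

# Interpret the first A record returned for the query name.
# No answer means the address is not listed. Some lists (Spamhaus among
# them) answer 127.255.255.x when the query itself was refused, for example
# when it arrived through a public resolver; that is not a listing.
dnsbl_classify() {
    case $1 in
        '')            echo not-listed ;;
        127.255.255.*) echo lookup-error ;;
        127.*)         echo listed ;;
        *)             echo unexpected-answer ;;
    esac
}

# Live lookup (requires dig and network access).
dnsbl_check() (
    name=$(dnsbl_query_name "$1" "$2") || { echo invalid-ip; exit 2; }
    dnsbl_classify "$(dig +short A "$name" | head -n 1)"
)

# Usage: dnsbl_check 203.0.113.7 zen.spamhaus.org
```

A lookup-error result means the check has to be repeated through a different resolver before drawing any conclusion about the address.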

Once you’ve verified your IP’s reputation, you want to keep it intact.

Malware scanning and detection is an easily deployable feature on WPCD servers that contain at least 2 GB of memory (technically 1 GB is enough but most servers with 1 GB of memory don’t report the full 1 GB as being available).

To turn it on:

  • Go to WPCloudDeploy -> All Cloud Servers and click on the title of your new server
  • On the SERVICES tab, scroll down to the MALWARE & VIRUS SCANNER section
  • Enter your email address and click the INSTALL button.

One thing to keep in mind is that you will not get email notifications unless you install the EMAIL GATEWAY – which we will cover next.

2. Install An Email Gateway / Relay

Most cloud server services will prevent servers from being used to send emails. This is a security precaution to make sure that servers aren’t used as spam relays.

But, this means that server level emails such as those from our Malware scanner will not be sent out until you set up an email relay for the server.

We recommend that you do not use your regular email account for sending email if you’re going to send a lot of emails. Instead, use MAILGUN or SENDGRID. This increases your deliverability rate and reduces the number of your emails that end up in spam boxes.

To set this up:

  • Go to WPCloudDeploy -> All Cloud Servers and click on the title of your new server
  • On the SERVICES tab, scroll down to the EMAIL GATEWAY section
  • Enter the requested data and click the INSTALL button.

3. Install Callbacks

Callbacks will allow your server to push data to the plugin on a regular basis instead of waiting for you to request it.

To set this up:

  • Go to WPCloudDeploy -> All Cloud Servers and click on the title of your new server
  • On the CALLBACKS tab just click the INSTALL button for the callbacks you would like to install.

When callbacks are installed, you can see your server’s health status directly in your server list.

4. Install An Object Cache

WPCD offers a choice of two object caches – MemCached and REDIS.

We recommend REDIS.

To install:

  • Go to WPCloudDeploy -> All Cloud Servers and click on the title of your new server
  • On the SERVICES tab, scroll down to either the MEMCACHED or REDIS section.
  • Click the corresponding INSTALL button.

Once installed, you’ll be able to activate the cache on a per-site basis.

5. Set Up Server Level Backups

We recommend you set up multiple levels of backups. Start with turning on the IMAGE level backup option at your cloud provider. This is your last line of defense if something goes wrong and you need to restore a server.

After that, you can turn on a server level backup for all your WordPress sites in the WPCD console – this backs up all WordPress sites to Amazon S3.

With your provider’s IMAGE level backups you can only restore the entire server. With our backups you can restore individual sites.

So, if something goes wrong with a site, you can restore it without shutting down the entire server. But if something does go wrong with the rest of the server or you need a non-WordPress file you can still recover by restoring the entire server from your provider’s image level backups.

You can turn on our WordPress sites server level backups as follows:

  • Go to WPCloudDeploy -> All Cloud Servers and click on the title of your new server
  • On the BACKUP tab enter your AWS S3 credentials.
  • Click the SAVE CREDENTIALS button. The screen will refresh after the save and you will need to select the BACKUP tab again.
  • Scroll down to the AUTOMATIC BACKUPS section and turn those on.

You should also strongly consider adding a backup plugin to all your sites. This gives you a third level of protection and, in some cases, is far more convenient for restores since you can do them without leaving the WordPress site. If you do implement this option, send the backups to a location or service other than AWS S3. This way your backups are stored in multiple locations.

Bonus: Firewalls

For most users, the simplest way to implement a firewall is to place the server behind a proxy such as CloudFlare. Then do NOT give out your server’s IP address to anyone.

But, that’s not foolproof since there are bots that scan IP address ranges looking for servers. So, your next step is to install a software stack known as FAIL2BAN.

To do this, you can run our FAIL2BAN script from the command line.

Upload the following scripts to the server from the plugin’s includes/core/apps/wordpress-app/scripts/v1/raw folder.  We use a free tool called BitVise to connect to the server and upload the files using drag-and-drop.  But, of course, you can use any other tool you like – sometimes we use a premium tool called Termius. Regardless, the goal is to get the Fail2Ban script up to a known folder on the server. The file you should upload is: 23-fail2ban.txt

Navigate to the folder where you uploaded the scripts and run the following command.  This ensures that the txt file has the correct line endings for Linux:

sudo dos2unix 23-fail2ban.txt

Finally, run the script as follows:

sudo bash ./23-fail2ban.txt
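
Two checks around those commands, as an added example that is not part of the WPCD script or the original article: confirm the line-ending conversion took effect before running the file, and confirm afterwards that fail2ban reports active jails. The sample status text and its jail names are constructed; the article does not say which jails 23-fail2ban.txt configures.

```shell
#!/bin/sh
# Added example. SAMPLE_STATUS is constructed test input, not real output
# from a WPCD server, and the jail names in it are assumptions.

# True when the file still contains Windows (CRLF) line endings,
# i.e. dos2unix was skipped or did not run on this copy.
has_crlf() {
    grep -q "$(printf '\r')\$" "$1"
}

# Read `fail2ban-client status` output on stdin, print one jail per line.
jail_list() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr -d ' ' | tr ',' '\n' | sed '/^$/d'
}

# Fail (and name the gap) unless every required jail is in the status text.
require_jails() (
    status=$1; shift
    active=$(printf '%s\n' "$status" | jail_list)
    for jail in "$@"; do
        printf '%s\n' "$active" | grep -qxF "$jail" ||
            { echo "missing jail: $jail"; exit 1; }
    done
)

# Constructed sample in the format fail2ban-client prints.
SAMPLE_STATUS='Status
|- Number of jail:	2
`- Jail list:	sshd, nginx-http-auth'

# On the server:
#   has_crlf 23-fail2ban.txt && echo "run dos2unix first"
#   require_jails "$(sudo fail2ban-client status)" sshd
```

An empty jail list after installation means the service is running but banning nothing, so it is worth checking even when the script exits cleanly.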

Installing even a single firewall can help with performance – it will reduce the amount of unnecessary traffic that various parts of your server will need to deal with.
