Posted in: Q&A

Lightsail WordPress Security Review

Anyone hosting a site with Lightsail? If so, have you taken any steps to secure it other than WordPress plugins? Something from the AWS Console or SSH?

Not sure why the question is so confusing, but I am hoping to secure an instance. If there are one or two steps you always take to achieve that, it would help to know them.


Answers:

Lightsail blocks password auth. You might want to consider Fail2Ban to secure SSH. Other than that, keep everything up to date.

Tbh a weird question if you do manage your own server. I would ask myself if it’s wise to be managing your own server without the proper knowledge.
Though if you wanna learn, start with making sure your SSH is secure, FTP is disabled, and utilize some WAF / Fail2Ban.
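The two replies above both come down to "lock down SSH and put Fail2Ban in front of it". The script below is an added example (not code from this thread, from AWS or from the Fail2Ban project) that audits an `sshd_config` for the settings that matter on a public WordPress box and writes a minimal `jail.local` that enables the sshd jail. The two sample config files, the temp directory and the `203.0.113.10` management address are constructed for the demo; on a real instance you would point `audit_sshd` at `/etc/ssh/sshd_config` and `write_fail2ban_jail` at `/etc/fail2ban/jail.local`.

```shell
#!/bin/sh
# Added example: audit sshd_config and emit a Fail2Ban jail.local for sshd.
# Sample configs and the temp directory below are constructed for the demo.

# Print the effective value of an sshd_config keyword, lowercased.
# OpenSSH uses the FIRST occurrence of a keyword, so a later duplicate does
# not override it; keywords after a "Match" block are conditional, so we stop
# there. Prints the given default when the keyword is absent.
sshd_value() {
    file=$1; key=$2; default=$3
    val=$(awk -v k="$key" '
        /^[[:space:]]*#/ || NF < 2 { next }      # skip comments and blanks
        tolower($1) == "match"   { exit }       # global section ends here
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$file")
    [ -n "$val" ] && printf '%s\n' "$val" || printf '%s\n' "$default"
}

# Audit the three settings that matter most: no password logins, no root
# logins, public-key auth still on. The defaults passed to sshd_value are
# OpenSSH's own defaults for a missing keyword. Returns 0 only if all pass.
audit_sshd() {
    file=$1; rc=0
    pw=$(sshd_value "$file" PasswordAuthentication yes)
    root=$(sshd_value "$file" PermitRootLogin prohibit-password)
    pub=$(sshd_value "$file" PubkeyAuthentication yes)
    [ "$pw" = "no" ]   || { echo "FAIL: PasswordAuthentication is $pw (want no)"; rc=1; }
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is $root (want no)"; rc=1; }
    [ "$pub" = "yes" ] || { echo "FAIL: PubkeyAuthentication is $pub (want yes)"; rc=1; }
    [ $rc -eq 0 ] && echo "OK: $file passes the SSH audit"
    return $rc
}

# Write a jail.local that turns on the sshd jail (it ships disabled on several
# distros). bantime/findtime suffixes need Fail2Ban 0.10 or newer.
write_fail2ban_jail() {
    out=$1
    cat > "$out" <<'EOF'
[DEFAULT]
# keep your own management address out of the ban list; 203.0.113.10 is a placeholder
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
bantime  = 1h
findtime = 10m
maxretry = 5

[sshd]
enabled = true
EOF
}

# Demo with two constructed sshd_config files: one hardened, one weak.
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' '# a later duplicate is ignored by sshd:' \
    'PasswordAuthentication yes' > "$demo_dir/hardened"
printf '%s\n' 'PermitRootLogin yes' > "$demo_dir/weak"
audit_sshd "$demo_dir/hardened"
audit_sshd "$demo_dir/weak" || echo "weak config flagged as expected"
write_fail2ban_jail "$demo_dir/jail.local"
```

After changing `sshd_config`, run `sudo sshd -t` to syntax-check it and keep your current session open until a second key-based login succeeds; after writing `jail.local`, `sudo fail2ban-client status sshd` confirms the jail is active. Remember that Lightsail's own firewall in the console sits in front of all of this, so port 22 should be open only to the addresses that need it.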

Very few people understand the fact that Lightsail is largely a managed server. The entire idea behind it is for people with my skill set. My question was only to improve security which is already covered by Lightsail. There are always holes that can be plugged and stuff like Fail2Ban helps close them.

I think your definition of a managed server is different than most (experienced) users in this group. I’m not a server expert at all, but if you don’t even know how to define your stack (OS, Apache/Nginx, etc.), AWS Lightsail would not be a service I would recommend. I would even advise staying away from Amazon totally, because their service is not that straightforward in my experience.
If you are fine with updating your stack yourself, like PHP, or want to learn that this way, it would be fine. But AWS will not do that (while managed providers would).
But again, it’s your own website and server, so I wish you luck and I hope my concerns are for nothing. I’ve handled hacked servers and sites a lot and it’s not a pleasant thing to do and not something I wish on anyone.
P.S.: make sure to have offsite backups.

I refer you back to my post. Please do look into Lightsail before trying to comment on it. Updating PHP and doing basic SSH commands isn’t rocket science. And it’s a simple WordPress application. I’m not trying to unnecessarily complicate things. I’ve secured the application and server using what others have suggested and am quite happy with it, and so is the client. Have already set up offsite backups and instance snapshots.
Also, using snapshots one can easily deploy new instances which are updated with the latest tech stacks and then copy over the snapshot. Considering how much the client would save versus a fully managed solution, I’m sure they will be happy to pay for this service every 5-6 months if required.
On that note, let’s hope it doesn’t get hacked.

I’ve tried Lightsail and other unmanaged VPS providers. I got tired of managing and updating the servers.

You have to update the server software via SSH like on any other unmanaged VPS. If you’re running WordPress on it, you’re likely running a LAMP or LEMP stack on the VPS. Something in the stack typically gets an update at least once per week, be it a major, minor, or patch update. There are times when there are no updates, but you still have to SSH in and check to make sure. The way it’s advertised, I don’t doubt that there are many Lightsail and other VPSs out there that go without being updated for months and do fine. I just didn’t want to take the chance with my VPS.
You might be able to find an auto-update script to run. It was just easier for me to go back to something that is managed.
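The "snapshot, then update" routine that the earlier reply about snapshots and this one about weekly SSH updates both describe can be scripted. Below is an added example (not code from this thread or from AWS) for an Ubuntu/Debian-based Lightsail instance where the AWS CLI is installed and has permission to create snapshots. The instance name `wordpress-demo-instance`, the `DRY_RUN` switch, and the `apt list --upgradable` sample output with its version numbers are all constructed for the demo.

```shell
#!/bin/sh
# Added example: take a Lightsail snapshot as a rollback point, then apply OS
# updates. Instance name, DRY_RUN switch and the apt sample are constructed.

# Count packages whose pending upgrade comes from a *-security pocket.
# Reads `apt list --upgradable` output on stdin; the "Listing... Done" header
# has no '/' so its second field never matches.
count_security_upgrades() {
    awk -F'[/ ]' '$2 ~ /-security/ { n++ } END { print n + 0 }'
}

# Snapshot name with a UTC timestamp so successive runs never collide.
snapshot_name() {
    printf 'pre-update-%s\n' "$(date -u +%Y%m%d-%H%M%S)"
}

# Echo the command in dry-run mode (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'DRY-RUN: %s\n' "$*"
    else
        "$@"
    fi
}

# Block until the snapshot is usable as a rollback point (state "available").
# Snapshot states are pending, available and error.
wait_for_snapshot() {
    name=$1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'DRY-RUN: wait for snapshot %s to become available\n' "$name"
        return 0
    fi
    while :; do
        state=$(aws lightsail get-instance-snapshot --instance-snapshot-name "$name" \
                    --query 'instanceSnapshot.state' --output text)
        [ "$state" = "available" ] && return 0
        [ "$state" = "error" ] && return 1
        sleep 15
    done
}

# Usage: DRY_RUN=0 maintenance <lightsail-instance-name>
maintenance() {
    instance=$1
    name=$(snapshot_name)
    run aws lightsail create-instance-snapshot \
        --instance-name "$instance" --instance-snapshot-name "$name"
    wait_for_snapshot "$name" || { echo "snapshot failed, not updating"; return 1; }
    run sudo apt-get update
    run sudo apt-get -y upgrade
    run sudo apt-get -y autoremove
}

# Demo: constructed `apt list --upgradable` output (versions made up) and a dry run.
sample_apt='Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.12 amd64 [upgradable from: 3.0.2-0ubuntu1.10]
libcurl4/jammy-updates,jammy-security 7.81.0-1ubuntu1.15 amd64 [upgradable from: 7.81.0-1ubuntu1.14]
vim/jammy-updates 2:8.2.3995-1ubuntu2.15 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.13]'
echo "pending security upgrades: $(printf '%s\n' "$sample_apt" | count_security_upgrades)"
maintenance wordpress-demo-instance
```

Run it from cron or a systemd timer with `DRY_RUN=0` once you have seen the dry-run output. One caveat for the Lightsail WordPress blueprint: it is Bitnami-packaged, so `apt-get` updates the operating system but not Apache, PHP or WordPress under `/opt/bitnami`; those still need their own update path, and the snapshot taken first is what lets you roll back if either step breaks the site.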

It also depends on your traffic and other requirements. I have a WordPress site that gets around 50,000 visits per month, sometimes spiking to 5k – 10k per day on a $10 shared host.

Depends on what you want. There are a million guides out there for hardening servers. Close and/or change ports, put up firewalls (network & WAF).

I have almost all my sites hosted on Lightsail. Depends upon what you want to achieve.

I’ll be using Wordfence on the WP install, just needed to understand a few basic steps to ensure the server is secure on the foundation level at least. Mike’s comment above helped. If you have any more info, such as any other steps you always take on every WordPress install, it would be awesome. Thanks.

Just install Plesk, cPanel, CyberPanel or any other GUI-based control panel on your Lightsail instance. Usually, these panels are equipped with better security and hardening options.
I have been using aaPanel for over a year and it comes with Fail2Ban and Nginx firewall solutions.

I am running Lightsail servers which I control with GridPane. GridPane does have a WAF for the WP install. Lightsail already has some security hardening done by default, like giving a non-root login and easy SSH key setup. It’s for people who want a server but don’t want to do absolutely everything. Interesting to know what else GridPane does for server hardening, if indeed they need to do anything.
