Firewalling Your Server

If you’ve ever looked at server logs, you have seen the constant barrage of bots probing your website. Now imagine those bots probing every nook and cranny of your server. You need protection.


If you’re on shared hosting, you probably have access to your web server logs, but no other logs. And if you’re on shared hosting, you really don’t have much control over the server you’re on. And the story can end there.

Or you switch to a VPS and get full access to your server. This may sound overwhelming, but many VPS providers such as DigitalOcean and Vultr can set up your server with what you need to host your site. They both offer a One-Click installation of WordPress for just $5 per month. Vultr also offers a free Plesk environment that hosts up to three domains and has its own app ecosystem where you can install WordPress, etc. The Plesk setup is similar to cPanel and lets you set up websites, databases, and email.

Best practice is to not run multiple services on the same server. The One-Click WordPress installations are website-only, and your DNS records can reside at your domain registrar. Email may have to exist elsewhere. Gandi can handle DNS and email for your domain (two basic mailboxes for free, 40¢ per month for each additional, or $2 per month per premium mailbox).

So now you have a VPS with a website. DigitalOcean and Vultr have upstream firewalls that sit in front of your server. A website only needs Ports 80 and 443 open for web traffic, so you can block everything else. Then open up Port 22 for SSH (secure access) to your home IP address only. This way you can use a terminal program or file transfer app to access your server.
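To check a ruleset against the policy just described, here is a small audit script. It is an added example, not code from DigitalOcean, Vultr, or this article's author. The rule format (a list of `port`/`source` dictionaries), the function name `audit_inbound`, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Policy from the article: web ports open to everyone, SSH only from home.
PUBLIC_PORTS = {80, 443}
SSH_PORT = 22

def audit_inbound(rules, home_ip):
    """Return findings for inbound allow rules that do not match the policy.

    rules:   list of {"port": int, "source": CIDR string} (hypothetical format)
    home_ip: the single address that may reach SSH
    """
    home = ipaddress.ip_network(home_ip)  # a bare address becomes /32 or /128
    findings = []
    seen_ports = set()
    for rule in rules:
        port = rule["port"]
        source = ipaddress.ip_network(rule["source"], strict=False)
        seen_ports.add(port)
        if port in PUBLIC_PORTS:
            continue  # web traffic is open to any source by design
        if port == SSH_PORT:
            # SSH must be reachable from the home address and nothing wider.
            if source != home:
                findings.append(f"port 22 allowed from {source}, expected only {home}")
            continue
        findings.append(f"unexpected open port {port} from {source}")
    # A missing web port is not a security hole, but the site will not load on it.
    for port in sorted(PUBLIC_PORTS - seen_ports):
        findings.append(f"port {port} is not open")
    return findings

# Constructed sample ruleset (documentation addresses, not real hosts).
HOME_IP = "203.0.113.10"
SAMPLE_RULES = [
    {"port": 80, "source": "0.0.0.0/0"},
    {"port": 443, "source": "0.0.0.0/0"},
    {"port": 22, "source": "0.0.0.0/0"},    # SSH left open to the world
    {"port": 3306, "source": "0.0.0.0/0"},  # database port exposed
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES, HOME_IP):
        print(finding)
```

A ruleset that matches the article's policy returns an empty list; transcribe your provider's inbound rules into the same shape to run the check.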

At this point, there are only three entry points to your server: HTTP (Port 80), HTTPS (Port 443), and SSH from only your home IP address (Port 22). Let’s make sure your website is secure…

If you’re using WordPress, I highly recommend Wordfence. It has its own firewall for all web traffic and will scan your site for vulnerabilities. You’re in very good shape now. Attackers will come knocking, but they won’t get in…as long as your passwords are secure. Here’s a good half-hour presentation with great tips on securing WordPress:

If you want to take it to the next level, start looking into DDoS protection. Vultr offers this, but only on the IPv4 address. Cloudflare also provides DDoS protection, and some fancy firewall configuration work can really help you out here. Later on, we will cover the benefits of Cloudflare.