Security Automation with Ansible 2

Setting Up a Hardened WordPress with Encrypted Automated Backups

Now that the basic setup is done, let's pick up various security automation scenarios and look at them one by one.

Everyone would agree that setting up a secure website and keeping it secure is a fairly common security requirement. Since it is so common, that specific scenario is worth a look for the many people who are tasked with building and managing websites and keeping them secure.

Are you aware that, according to Wikipedia, 27.5% of the top 10 million websites use WordPress? According to another statistic, 58.7% of all websites with known software on the entire web run WordPress. 

With so many sites running it, an automated, secure way of setting up and maintaining WordPress should be useful for some readers.

Even if WordPress is something that doesn't interest you a lot, bear in mind that the overall steps to set up and secure a LAMP/LEMP stack application are universal. 

For us, setting up a hardened WordPress with encrypted automated backups can be broken down into the following steps:

  1. Setting up a Linux/Windows server with security measures in place.
  2. Setting up a web server (Apache/Nginx on Linux and IIS on Windows).
  3. Setting up a database server (MySQL) on the same host.
  4. Setting up WordPress using a command-line utility called WP-CLI.
  5. Setting up backups of the site files and the database that are incremental, encrypted, and, most importantly, automated.

In this chapter, we will do all of this using Ansible playbooks and roles. We will assume that the server on which we plan to deploy our WordPress website is already up and running and that we are able to connect to it. We will store the backups in an already configured AWS S3 bucket, for which the access key and secret access key are already provisioned.

We will discuss the following topics:

  • CLI for WordPress
  • Why Ansible for this setup?
  • A complete WordPress installation, step-by-step
  • Setting up an Apache2 web server
  • What if you don't want to roll your own? The Trellis stack
  • Why would we use Trellis, and when is it a good idea to use it?
  • Enabling TLS/SSL with Let's Encrypt
  • WordPress on Windows