DEV Community

Pacharapol Withayasakpunt

Need help regarding self-hosted WordPress (installing plugins, FTPS?, markdown editor, backup?)

So, I have revisited self-hosted WordPress on DigitalOcean again, but this time I started from a base Ubuntu image, not a pre-installed droplet. This is in the hope of installing multiple WordPress sites per Droplet.

```bash
# adduser $MYNAME and log in as $MYNAME first

sudo apt install php7.4 mysql-server certbot python3-certbot-apache
sudo mysql_secure_installation
sudo ufw allow https          # port 443; "ssl" is not a service name ufw recognizes
sudo ufw allow in "Apache"    # port 80
sudo certbot --apache
sudo crontab -e
wget https://wordpress.org/latest.tar.gz   # download over HTTPS instead of plain HTTP
tar xzvf latest.tar.gz
sudo apt install php7.4-zip php7.4-mbstring php7.4-gd php7.4-curl php-imagick imagemagick php7.4-xml
```

Now, I got my WordPress. However, some of the things are currently missing.

  • Installing plugins in the first place.

FTP needed

Yes, I did ufw allow ftp, ufw allow ftps; but it didn't work.

  • Plugin for Markdown editor, without having to connect to WordPress. (Do I have to avoid Jetpack and Akismet?)
  • How do I export posts, so that I am not locked in to WordPress?
    • Yes, I must be able to read and modify it without WordPress at all.

Top comments (3)

Frank Lewandowski • Edited

First, I wanna quote from my WordPress 101: "Stay secure, never ever use plugins!" :-)

The critical components of WordPress, especially when it comes to security, are plugins from external developers. Keep that in mind, so less is more - also from a security point of view.

As a web.dev enthusiast, I would like to advise you to test your site with Google Insights. WordPress themes in particular do not do so well without optimization.
web.dev/measure/ Read up on the topic.

There are really many topics to consider:

  • web.dev is a great place to go, read up on the optimization of your site.
  • DNS prefetch for external sites
  • Browser cache / server cache
  • Minify the JS / CSS
  • Lazy Load Images
  • gzip / brotli compression
  • Minimize the database queries => through a cache.

Since external plugins are essential, and must be used, I can recommend the following to you.

Developer / DevOps workflow

Performance is also a big issue. Use one of the cache plugins to generate static pages from your WordPress theme. I have used WP Super Cache successfully in several projects.
wordpress.org/support/article/opti...

Optimize the Web Vitals, as they are also elemental for your ranking in search engines.
web.dev/learn-web-vitals/

Content workflow

You should install a plugin that will automatically compress your images.
de.wordpress.org/plugins/wp-smushit/

SEO is also a big topic. de.wordpress.org/plugins/wordpress...

Security workflow

Secure your wp-admin so that only you can see the backend. During my installations only my IP address was on /wp-admin and /wp-login.php. This is how you avoid brute force attacks on your backend.

You should also use 2FA.
de.wordpress.org/plugins/search/au...

If that is possible for your side, then I would block entire countries.
sitepoint.com/how-to-block-entire-...

Test your server! There are many tools, e.g. WPScan, nmap and so on. If you have SSH open, do not use password authentication. Use SSH keys instead.

To your question:
I have not tested the latest versions of WordPress; in the past there was the possibility to write a post by email.

If you have further questions, ask ;-)
Greetz Franky

P.S. Go with a JAMStack! It is way faster, way more secure, and you don't need weeks to figure out all the topics in cleaning up your WordPress installation.
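
The /wp-admin and /wp-login.php restriction from the Security workflow above, written for Apache 2.4 (the server set up with `certbot --apache` in the post). This is an added example, not configuration from the commenter: the address 203.0.113.10 and the path /var/www/example are placeholders, and the admin-ajax.php exception is an addition so that front-end features which call it keep working.

```apache
# Added example: place inside the site's HTTPS <VirtualHost> block.
# Placeholders (assumptions): 203.0.113.10 = your own public address,
# /var/www/example = the directory WordPress was unpacked into.

<Directory "/var/www/example">
    # Login form: only the administrator's address may reach it.
    # Every other client receives 403 before any PHP code runs.
    <Files "wp-login.php">
        Require ip 203.0.113.10
    </Files>
</Directory>

<Directory "/var/www/example/wp-admin">
    # Dashboard: same allowlist as the login form.
    Require ip 203.0.113.10

    # Themes and plugins call admin-ajax.php on behalf of ordinary
    # visitors, so this one file stays reachable. The nested <Files>
    # section is merged after the directory rule and replaces it.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</Directory>
```

Check the syntax with `sudo apachectl configtest` before reloading Apache. If your address is dynamic, a change will lock you out of the dashboard, so keep SSH access to edit the file.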

 
Pacharapol Withayasakpunt • Edited

My point is, I still want the database, albeit I prefer it read-only in production. I want it to be equipped with FTS, at the very least.

Also, I want to simplify the workflow, not having to build it every time a new post is published.

Pacharapol Withayasakpunt • Edited

Actually, I am getting the impression that a classical CMS with a real database is expensive to manage.

Though, I see that a real database that does not expose C-UD API endpoints is generally safe. (But R-endpoints indeed have to be carefully chosen.)

Unless I want non-dev people to edit things, of course.