I have setup a wordpress site for a friend, but I’m afraid that I cannot remember all the steps and all corresponding commands, so I recorded what I did.

1. Edit SSH configuration file, change port, password or disable password login for security, then restart ssh:
Shell

vim sshd_config service ssh restart

1 2	vim sshd_config service ssh restart

2. Change IPTables rules, only allow connections desired ports, close unused ports:
Shell

iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 12345 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -j DROP

1 2 3 4 5 6

iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 12345 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -j DROP

where 12345 is the port number set in the above step.

3. By default, IPTables rules are not persistent, i.e. they are reverted to the default after system reboot. To save the rules, install iptables-persistent package:
Shell

apt install iptables-persistent

1	apt install iptables-persistent

Continue reading How to Setup a WordPress Server →