Essential Security Steps for WordPress on Ubuntu 24.04 (The "LEMP Hardening" Draft)
Once your WordPress site is live, it becomes a target for automated bots. Here are the three most critical steps to harden your server.
Quick Navigation
- Step 1: Install Let's Encrypt SSL
- Step 2: Configure a Firewall (UFW)
- Step 3: Secure WordPress File Permissions
Step 1: Install Let's Encrypt SSL
An SSL/TLS certificate lets browsers verify your server's identity and encrypts the traffic between your users and your server. We will use Certbot to automate obtaining and installing it.
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com
Step 2: Configure a Firewall (UFW)
You should only allow traffic on necessary ports. Ubuntu’s Uncomplicated Firewall (UFW) makes this easy.
sudo ufw allow 'Nginx Full'
sudo ufw allow OpenSSH
sudo ufw enable
Step 3: Secure WordPress File Permissions
To prevent hackers from modifying your core files, make sure the web server user owns only what it absolutely needs, and set directories to 755 and files to 644.
# Set directory permissions
sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \;
# Set file permissions
sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \;
Warning: Always keep a backup of your wp-config.php file before running bulk permission changes.
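Added example (not part of the original guide): the commands in Step 3 set modes but never check ownership, and the blanket 644 also applies to wp-config.php. The function below audits the tree for mode drift, a world-readable wp-config.php, and files owned by the web user; the function name, the www-data user and the "only wp-content/uploads is web-writable" policy are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide.
# Usage: audit_wp_perms /var/www/wordpress www-data
# Prints one finding per line and returns 1 if anything is off, 0 if clean.

audit_wp_perms() {
    local root="${1:-/var/www/wordpress}"   # site root used in Step 3
    local web_user="${2:-www-data}"         # assumption: Ubuntu's default Nginx/PHP-FPM user
    local out
    root="${root%/}"                        # drop a trailing slash so -path matches

    out="$(
        # Directories that drifted from the 755 set in Step 3
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR_NOT_755 /'

        # Files that drifted from 644 (wp-config.php is checked separately)
        find "$root" -type f ! -name wp-config.php ! -perm 644 -print |
            sed 's/^/FILE_NOT_644 /'

        # wp-config.php holds the database credentials; a blanket 644 leaves
        # it readable by every local account (assumed policy: no "other" read)
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -004 -print |
                sed 's/^/CONFIG_WORLD_READABLE /'
        fi

        # Anything the web user owns outside the uploads directory
        # (assumption: uploads is the only path it needs to write to)
        find "$root" -path "$root/wp-content/uploads" -prune -o \
            -user "$web_user" -print | sed 's/^/WEB_USER_OWNS /'
    )"

    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```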