a bit surprised by the move to digital ocean as a magic silver bullet that solve all the problems
no, you just moved the problem "away" to "oh it's a virtual instance, so if anything goes wrong I can restore from backup"
I don't see how this protect from being hacked ?
if you run a server, not maintaining it is what make it hackable.
so yeah reading the digital ocean tutorials can be a good start, like reading the ubuntu server guide https://help.ubuntu.com/lts/serverguide/ , but it will never replace the time you invest in your server, eg. doing sysadmin.
It does not have to be hard it just have to be done and on a regular basis.
It's like a car, motorcycle, bicycle, etc. you need to spend the time to change the oil, check the tire pressure, and all those little things that are simple but necessary ... otherwise it get rotten with time.
> It's like a car, motorcycle, bicycle, etc. you need to spend the time to change the oil, check the tire pressure, and all those little things that are simple but necessary ... otherwise it get rotten with time.
Agreed. Or else pay significantly more for a managed WordPress server, but even those aren't immune to security issues, as we saw recently with WP Engine.
The most secure option by far if you don't serve dynamic content (that would require a login, for example) is to use a static site generator and serve it via Github, S3, or Netlify. Or even your own Nginx (only slightly less secure as long as you understand Nginx and SSH and how to mitigate any potential security issues).
For me the decision to move to Digital Ocean was not expected to solve any of the underlying security issues. I chose them because they encourage better security practices through documentation and make isolating instances cheaper and easier.
The previous host did not give very good advice and kept band-aiding the side effect of bad infrastructure decisions.
What I like about Digital Ocean is that I can separate out my "risky" servers (you know, when a client wants to use Wordpress, or when they mandate an out of date version of a library because it works with some of their existing codebase) onto $5 instances. I never put full Github keys on them and with regular backups, the damage is mitigated.
When you go with a single server any one hack can take out your entire database, like what happened here.
Also the Digital Ocean API is pretty awesome, although I wish they would return the public key when you make a new droplet. I've had to resort to stuffing one onto the server during a server creation script.
It's easy. If you can easily restore from a backup, then you can easily not care at all as to whether you can get hacked or not -- especially if what you run is just a blog.
no, you just moved the problem "away" to "oh it's a virtual instance, so if anything goes wrong I can restore from backup"
I don't see how this protect from being hacked ?
if you run a server, not maintaining it is what make it hackable.
so yeah reading the digital ocean tutorials can be a good start, like reading the ubuntu server guide https://help.ubuntu.com/lts/serverguide/ , but it will never replace the time you invest in your server, eg. doing sysadmin.
It does not have to be hard it just have to be done and on a regular basis.
It's like a car, motorcycle, bicycle, etc. you need to spend the time to change the oil, check the tire pressure, and all those little things that are simple but necessary ... otherwise it get rotten with time.