Secure Your Self Hosted Wordpress
update 6/12/2024: this post predates letsencrypt, you should just use that instead: https://letsencrypt.org/
Self hosting WordPress rocks. Unsecured websites do not rock. It does not matter how long or complicated your password is if it is being transmitted in plain text over HTTP. Luckily, it is easy to create a Self Signed certificate and use it on your website. Keep in mind that browsers become very unhappy with Self Signed Certificates and tend to yell at the user. So, if you have a lot of traffic and want your users to feel safe purchase an SSL certificate from a real Certificate Authority. In any case, at the very least you should be using a self signed SSL for all of the admin portions of your site. Here’s how to do it on Debian 7.5 running a standard LAMP stack.
- Create your self signed Certificate by running the following commands sequentially.
mkdir /etc/apache2/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/wp.pem -keyout /etc/apache2/ssl/wp.key
2. Create a Virtual Host for your website in /etc/apache2/conf.d/yoursite.conf
<VirtualHost 1.2.3.4:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/wp.pem
SSLCertificateKeyFile /etc/apache2/ssl/wp.key
DocumentRoot /srv/www/yoursite.com/public_html
<Directory>
AllowOverride All
order allow,deny
Allow from all
</Directory>
</VirtualHost>
- Change yoursite.conf to something more meaningful
- Change 1.2.3.4 to the IP of your server, which you can obtain by running ifconfig in a terminal
- Change the document root to your actual document root.
sudo a2enmod ssl4. Restart apache
sudo service apache2 restart
All set! Now, you can navigate to yourwebsite.com, confirm the security exception, and administer and view your WordPress site securely.
Thank you for reading! Share your thoughts with me on bluesky, mastodon, or via email.
Check out some more stuff to read down below.
Most popular posts this month
- Lev Lazinskiy
- Lev Lazinskiy
- Terminal RSS Reader With Nom
- Setting up ANTLR4 on Windows
- SQLite DB Migrations with PRAGMA user_version
Recent Favorite Blog Posts
This is a collection of the last 8 posts that I bookmarked.
- No-One Escapes the Permanent Underclass from Fernando Borretti
- Is it ethical to use AI? from charity.wtf
- The logical destination of LLMs from Andy Bell
- Revised rules of engineering leadership. from Irrational Exuberance
- The circus freaks of open source from Drew DeVault's blog
- Clanker: A Word For The Machine from Armin Ronacher's Thoughts and Writings
- I ran a half-marathon! from gluecko.se
- My Running Tips from Kevin Bell's Blog
Articles from blogs I follow around the net
My last 5 books - July 2026 edition
My last 5 books - July 2026 edition This is a new feature in which I will copy and paste my recent book reviews from my books page These are the last 5 books I have read. I will update in a month or 2 when I've read 5 more. I'm Starting to Worry About this...
via O'DonnellWeb July 12, 2026“Animating something and animating something well are two very different things.”
From Jakub Krehel, a new blog post about self constraint in the era when AI makes it easy to ignore constraints altogether. My caveat is that the post doesn’t fully come together for me – jumping from AI to animations and then back to AI the way the author...
via Unsung July 12, 2026Generated and suppressed demand.
Eight years ago, I wrote about my theory of restoring struggling teams, which came down to four steps: A team is falling behind if each week their backlog is longer than the week before. Solve by hiring more. A team is treading water if they’re able to get...
via Irrational Exuberance July 11, 2026Generated by openring