Finding perfect WordPress shared hosting server setup

Note: this post is going to be more of a list of selected software that I think makes a good WordPress shared hosting server than a comprehensive setup tutorial. If you’re looking for that king of a thing I suggest you google f. ex. Linode or DigitalOcean tutorials. They are pretty good.

I’ve been running a small shared hosting server for a long time. I have a few clients and I use it myself too. It’s a plain simple LAMP stack with Google’s mod_pagespeed as an addition to Apache. When I set up the server I chose Centos 6 be the base for it all. Rest of the stack you already know (LAMP = Linux, Apache, MySQL & PHP).

I’ve been doing all setups by hand from the beginning and over the years the server has collected all kinds of unused software, forgotten configs and orphaned sites. As I’ve let it tangle in to this mystery I thought it’s probably time to start from scratch, build a new server with a more moder stack, better scalability and security.

When you’re about to start building yourself a new server the first question is what software you want it to run as this is going to help you choose a suitable Linux distro. Some software is easier to get on some linux distros than in others. I’m noit going to go in to details but as an example if you want to run Nginx it’s pobably better to select Ubuntu over Centos as on Centos you’ll have to compile Nginx by yourself. Compiling something yourself isn’t really a problem but it also means that you’ll have to manually recompile it when ever you want to install updates to it. To keep things simple and manageable and not to fall in to the swamp of custom configs and tweaks right in the beginning I’d like to be able to update all my software with a package manager (or similar). Now let’s jump in to the stack I’ve ended up with.

Ubuntu 14.04 with the following software installed:

• EasyEngine
• cron-apt
• firewalld
• (Naxsi)
• fail2ban
• suhosin
• rkhunter
• Linode Longview

You probably notice that there seems to be a lot missing. I said it’s going to be a web server didn’t I? So where’s the server then? Well, it’s being installed and managed by EasyEngine. EasyEngine also can install and manage Nginx, PHP, MariaDB, HHVM, PageSpeed, Postfix etc. + a bunch of different admin tools like WP-CLI, Adminer, phpMyAdmin, phpRedisAdmin, FastCGi cleanup scripts, OPcache, Webgrind, Anemometer etc. It does a lot and has a possibility of simplifying the management of my hosting setup a lot.

Rest of the software (except Longview) are security related. The cron-apt can take care of automatically installing security updates, firewalld is a firewall that supports zones (UFW doesn’t) & services, fail2ban can slow down the guys hammering your services with malicious things in mind, suhosin makes PHP a bit more safe and rkhunter can periodically scan your server for rootkits.

I’ve been thinking about installing a Web Application Firewall like NAXSI but I feel like it’s an overkill for my usage. I might add it later if EasyEngine decides to add support for it.