
In this section of the course, we are going to look at various introductory topics that relate to this course. It's important that you complete this section of the course as I cover a wide variety of topics and how they relate to the course.
To complete this course successfully, you need have a basic knowledge of a few Linux commands and processes.
In this section I'm going to introduce you to the essential Linux skills you need to complete this course successfully.
This is the new 2024 Linux Essential Skills mini - crash - course that I include with all my courses.
If you are new to Linux, it's very important that you take your time and work your way through this lecture. You must use this section to familiarize yourself with the commands and the various aspects of Linux in relation to this course. All of the topics are important, don't skip any of the topics in this lecture.
If you are familiar with Linux and have used the command line to before, then please feel free to skip this lecture.
This is the first Essential Skills Lecture [ 1/4 ]
If you require any additional information regarding any topic in this section, please ask for my help using the course Q&A.
To complete this course successfully, you need have a basic knowledge of a few Linux commands and processes.
In this section I'm going to introduce you to the essential Linux skills you need to complete this course successfully.
This is the new 2024 Linux Essential Skills mini - crash - course that I include with all my courses.
If you are new to Linux, it's very important that you take your time and work your way through this lecture. You must use this section to familiarize yourself with the commands and the various aspects of Linux in relation to this course. All of the topics are important, don't skip any of the topics in this lecture.
If you are familiar with Linux and have used the command line to before, then please feel free to skip this lecture.
This is the second Essential Skills Lecture [ 2/4 ]
If you require any additional information regarding any topic in this section, please ask for my help using the course Q&A.
To complete this course successfully, you need have a basic knowledge of a few Linux commands and processes.
In this section I'm going to introduce you to the essential Linux skills you need to complete this course successfully.
This is the new 2024 Linux Essential Skills mini - crash - course that I include with all my courses.
If you are new to Linux, it's very important that you take your time and work your way through this lecture. You must use this section to familiarize yourself with the commands and the various aspects of Linux in relation to this course. All of the topics are important, don't skip any of the topics in this lecture.
If you are familiar with Linux and have used the command line to before, then please feel free to skip this lecture.
This is the third Essential Skills Lecture [ 3/4 ]
If you require any additional information regarding any topic in this section, please ask for my help using the course Q&A.
To complete this course successfully, you need have a basic knowledge of a few Linux commands and processes.
In this section I'm going to introduce you to the essential Linux skills you need to complete this course successfully.
This is the new 2024 Linux Essential Skills mini - crash - course that I include with all my courses.
If you are new to Linux, it's very important that you take your time and work your way through this lecture. You must use this section to familiarize yourself with the commands and the various aspects of Linux in relation to this course. All of the topics are important, don't skip any of the topics in this lecture.
If you are familiar with Linux and have used the command line to before, then please feel free to skip this lecture.
This is the fourth Essential Skills Lecture [ 4/4 ]
If you require any additional information regarding any topic in this section, please ask for my help using the course Q&A.
In this section we are going to look at the software you require to complete the course successfully. All software used in this course is free and or open source. You will not be required to purchase any software.
In this section of the course, we are going to cover the following:
server specifications for different types of WordPress sites, by that I'm referring to the resource requirements - for example the number of CPU cores and the RAM
server distributions, that’s the server operating system
my recommended web host
we are also going complete the process of creating an actual server instance for the course
In this section we are going to login to the server for the first time and start the server hardening process as the root user.
In this section we are going to login to the server for the first time and start the server hardening process as the root user.
In this section we are going to continue the server hardening process as the non-root user
As the non-root user, we will look at using sudo and continue hardening the server by implementing the following measures:
SSH key authentication deals with replacing password usage with a public / private key pair authentication system when logging into your server.
A ssh config file makes logging to a server using ssh key authentication quick and easy
Server updates deal with ensuring all the packages installed on the server are up to date.
Implementing a firewall policy allows you to lock down and close any unused ports and services that are not being used.
Fail2ban is an intrusion prevention framework that will protect your server from brute-force attacks.
The all-powerful administrative account or user on the server is the root user. Any errors made as the root user are normally irreversible and devastating.
When running commands that require root privileges you must always use the sudo, prior to typing
the command.
SSH key authentication deals with replacing password usage with a public / private key pair authentication system when logging into your server
A ssh config file makes logging to a server using ssh key authentication quick and easy
Server updates deal with ensuring all the packages installed on the server are up to date.
Implementing a firewall policy allows you to lock down and close any unused ports and services that are not being used. We are going to configure both Uncomplicated Firewall and Cloud Firewall
Fail2ban is an intrusion prevention framework that will protect your server from brute-force attacks
In this section we are going to further harden the server as well as start to optimize the operating system to help us squeeze every bit of performance we can get out of the server. You cannot tune nginx, mariadb and php for performance and security without first tuning the server operating system for performance and security.
We are going to cover numerous topics in this section.
We'll start with setting the time zone to your local time
In the event of your server running out of memory, it can make use a ssd space as virtual memory. SWAP is to help prevent your server crashing in the event it runs out of memory.
As the /run/shm space can be exploited we need to secure this space in shared memory.
The TCP/IP stack default configuration needs to be hardened against different types of attacks and optimized for performance.
We are going to install Tuned. Tuned is a profile-based system tuning tool that enables both static and dynamic tuning of system settings
We are going to set the congestion control to BBR - Bottleneck Bandwidth and RTT - Round-trip propagation time - this will help to increase throughput and reduce latency for connections
For a performance boost, we are going to disable the filesystem from keeping track of the last time a file was accessed or read
By default, the maximum number of open files allowed per process is set very low. Since sockets are considered files on a Linux system, this limits the number of concurrent connections as well. We need to increase the maximum number of open files allowed per process.
In this section we are going to look at how you point a domain name to your server using Cloudflare.
In this lecture, we are going to look at repositories, the package manager and we are going to install nginx, mariadb and php.
Nginx is the web server, mariadb the database management system and php is the server-side scripting language that is responsible for generating dynamic page content.
In this lecture we are going to configure the server to send mail from the command and using php. This will enable your WP site to send mail without using any plugins.
We are also going to look at the easiest method to create a mail@your_domain email account.
In this lecture we are going to configure the server to send mail from the command and using php. This will enable your WP site to send mail without using any plugins.
We are also going to look at the easiest method to create a mail@your_domain email account.
This course is based on the latest Ubuntu Server Long Term Support Release 22.04
This is a beginner's course that assumes you have no knowledge configuring a Linux server, server administration or NGINX.
New to Linux or server administration? Included in the course, is an absolute beginners "crash" Linux course. This 1 hour "course within a course" will teach you the commands, terminology and procedures as it relates to this course.
This course is NGINX is a high-performance web server that is responsible for serving almost all of the most popular sites in the world.
We start with a blank slate and layer by layer configure the perfect nginx server. I will teach you, step by step, to a point where you will have the skill, knowledge and confidence to host multiple hardened WordPress sites, on an unmanaged VPS or dedicated server, using nginx.
You will need no support from your host. You will be your own system administrator.
This course covers the entire spectrum of configuring an Ubuntu based NGINX server. We will cover everything from initial server configuration to hardening and optimizing the server distribution.
Some of the server optimization and hardening steps will include the following topics:
SSH Key authentication
Setting up both Uncomplicated Firewall and a "Cloud Firewall"
Brute force attack protection
SWAP
Harden Shared Memory
Harden and Optimize the Network Layer
Tuned and Congestion Control
File Access Times and setting the Open File Limits
Then we install, harden and optimize Nginx, MariaDB and php8.1. Although the default installations of Nginx, MariaDB and PHP8.1 are fairly well hardened, we will spend over 1.5 hours hardening and optimizing Nginx, MariaDB and PHP8.1
Then we install our first WordPress site. We then start the process of hardening and optimizing WordPress. Installing a caching and security plugin does not optimize or harden a WordPress site. Some "security plugins" are a source of vulnerabilities themselves.
Almost 4 hours of the course is dedicated to hardening and optimizing WordPress. We look at hardening and optimizing WordPress from the server side and layer by layer we will harden our site.
Some of the hardening topics include:
Installing SSL certificates and configuring automatic renewal of those certificates.
Securing the http response headers
Setting the correct ownership and permissions on the WP files and directories
Using nginx directives to protect important parts of our site
Hot linking protection to stop other sites from stealing our bandwidth and driving up server costs
Nginx DDoS protection
Setting up a web application firewall
When it comes to optimizing WP, we will look at the process from both the server-side and the application (WordPress) side.
On the server-side we will cover the following:
optimizing the operating system - prior to optimizing WordPress
optimizing nginx - prior to optimizing WordPress
configuring php-fpm according to your server resources - prior to optimizing WordPress - set to low your site slows down, set to high and your server will crash
server-side caching - fastcgi caching is brilliant
replacing WP cron with a real cron
On the application or WordPress side you need to look at the following:
Caching plugin - W3 Total Cache
Optimizing images
Post revisions policy
Optimizing the database
Combining and minifying CSS and JS
Throughout the course, the principle of install only what's needed, then harden and optimize is followed. The most important aspect of any server is security. I don't just glance over this aspect, every configuration step you will take is geared towards security. We will optimize the server, but not at the expense of lax security.
It's impossible to list all the hardening and security layers we implement in this section, for a complete list please refer to the actual course curriculum.
By the end of this course, you will be ready to reap the benefits...
You'll be able to add a new revenue stream and start earning additional income hosting your own sites using NGINX. There will be numerous new services you will be adding to your resume as a web developer. You will be able to charge for numerous new services - site hosting, site optimization, Let's Encrypt SSL certificate installation and renewal, backups and even a monthly maintenance fee.
This course is not a lab experiment with no real-world application.
This course was not designed to be completed locally, on your pc or mac or using one of the many available "Virtual Machines". Oracle's VirtualBox is one example. The aim of the course is to instruct you on how to setup a secure/hardened hosting environment and then host multiple hardened WordPress sites on a commercially purchased VPS or dedicated server.
I want you to able to look at server logs and see how malicious users and bots are scanning your server, probing and looking for vulnerabilities. You need to be able to see the result of your hardening - banning, blocking, rate limiting - in your server logs. This cannot be done in a Virtual Machine.
All that's left is for you to sign up for this course and start your wonderful journey as your very own systems administrator running multiple WordPress sites using the latest Ubuntu release and NGINX.