How To Set Up A WordPress Website Using AWS Lightsail
I thought this would be a good ice breaker as a first blog post since MattSec is being hosted on AWS Lightsail. The following tutorial will show you how to set up a Lightsail instance and deploy WordPress to it. Finally, we will secure it with an SSL certificate and enable HTTPS.
What is AWS Lightsail?
I like to think of Lightsail as a SaaS service where you can create applications with one click (for the most part). We will be using WordPress with Lightsail for this tutorial, but it supports many other applications. A complete list can be found here.
Pricing is relatively reasonable too, and you have several pre-defined options to choose from. They range from $3.5 USD per month up to $160 USD per month, so there should be something available to support most people's use cases. Also, as of writing, new users can get the first three months free. This offer is available on the $3.5, $5, and $10 instances.
Choosing an Instance That Suits Your Needs
The first step is to know how much traffic your website will be serving and what it will be hosting. Most personal blogs won’t need much power and will tend to go towards the lower end of available instances. However, if you are running something more critical like a store or website for a business, I’d recommend something bigger. There is nothing worse than having a slow website when you’re trying to run a business.
Creating an Instance
Once you’ve picked a size you can go ahead and create an instance. At this point, AWS will ask you if you want to generate an SSH key so you can access your server. I’d highly recommend doing this as using the web console can be a bit messy.
I’d also enable “Automatic Snapshots” while you are here. This will back up the instance once per day and retain 7 days' worth of snapshots. Note that this will increase your cost, as you need to pay for the storage of these snapshots.
For this tutorial, we will be creating a WordPress website.
Now go ahead and click “Create Instance”. You should see a public IP appear on the next screen almost instantly. Take note of this and wait 2-5 mins while the instance boots.
Connecting to the Instance
Once our instance has booted, we will want to connect to it. You can either use the web-based SSH client that Amazon offers (just click the “Connect Using SSH” button) or, with the key we created earlier, connect with your favourite SSH client. I’m using a Mac, so the inbuilt terminal will do fine.
ssh -i the_key_you_created.pem bitnami@the_ip_from_lightsail_console
Once connected you should be greeted with the following:
Pointing our domain to Lightsail and forcing HTTPS
I’m going to assume at this point you’ve got a domain name, but if not, it’s super easy to set up with Route 53. I will create a guide on this soon and update this post.
Once you’ve pointed your domain at the IP provided (it’s the same as the one you used to connect), you’ll want to get an SSL certificate so you can use HTTPS without getting a horrible “un-secure site” warning. The good news is the Bitnami toolset installed with Lightsail has a script to do all this automatically for you… for free! Thanks to Let’s Encrypt.
In the same terminal you connected to earlier, run the following command:
sudo /opt/bitnami/bncert-tool
You may get this popup – it just means the tool requires an update (type Y and press enter).
The tool will present the following:
This is where we enter our domain name, mycoolwebsite.com as an example.
The tool will now ask you a few questions:
- Enable HTTP to HTTPS redirection
Set this to Yes. It’s 2022 and there is no need for an HTTP site. Google will even start warning users not to visit your site and stop indexing it in search results.
- Enable non-www to www redirection
Depends on your domain name, but if you do set this to yes, make sure you have a DNS entry for www.mycoolwebsite.com.
- Enable www to non-www redirection
Depends on your domain name again. If your domain name is mycoolwebsite.com, then enable this so visitors typing www.mycoolwebsite.com will be redirected to mycoolwebsite.com.
Once the above is completed you will be shown the following:
Validate the options and, if you are happy, enter “Y”.
You will then be asked to enter your email for the Let’s Encrypt certificate.
Enter a valid email and press enter.
Then review and accept the user agreement (type “Y” and press enter).
The tool will now do its thing:
and output this when done:
And that’s it – you’ve enabled HTTPS. The script will renew your certificate every month so there is nothing else you need to do.
Logging into WordPress
After the domain configuration, we can connect to the WordPress Admin console. In the same terminal you ran the above commands in, run the following:
ls -l
You should see two files:
Now run:
cat bitnami_application_password
The password for the “user” account will be printed on the screen.
Navigate to the wp-admin page (https://mycoolwebsite.com/wp-admin).
The username will be “user” and the password is the one from the file you cat’ed earlier.
That’s it, you’ve now created a WordPress instance on AWS Lightsail.
A Few Notes and Tips
This is a list of a few things I’d recommend doing after following the above steps. None of these are mandatory, but they are worth doing.
- Move the login page from /wp-admin. This makes life harder for the bots that just run around the internet trying to brute-force any WordPress instance they find. A WordPress plugin will be super helpful with this: https://en-gb.wordpress.org/plugins/wps-hide-login/
- Create your own admin user and delete the default “user” account.
- Edit the default firewall rule for port 22 and restrict it to just your public IP.
- Disable IPv6 networking.
- Reserve a static IP for your instance so you won’t need to keep updating your Route 53 records if you reboot the instance. If you do this, the IP address will remain the same.
- Review all the plugins that were installed by default and remove the ones you don’t need. The same goes for themes.
- Setup JetPack (installed by default). The free version offers some protection against brute force attacks and also offers reliability monitoring.
- Create an alarm in the Lightsail console if the CPU constantly goes over 90% – this can indicate your site is struggling to cope with demand.
- Consider installing some anti-spam plugins if you intend to allow comments on posts.
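The port 22 and IPv6 tips above can also be applied from a workstation with the AWS CLI instead of the console. This is an added example, not part of the original post: it assumes the AWS CLI is already configured for the account, and the instance name WordPress-1 and the function names are placeholders.

```shell
#!/bin/sh
# Added example: restrict SSH on a Lightsail instance to one admin IP.
# Instance name and IP below are placeholders, not values from the post.

# Succeed only if $1 is a dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into its octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print the --port-infos arguments: SSH from a single /32, web ports from anywhere.
# put-instance-public-ports closes every port not listed in the request, so
# 80 and 443 have to be included or the site goes dark.
build_port_infos() {
  is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
  printf '%s %s %s\n' \
    "fromPort=22,toPort=22,protocol=tcp,cidrs=$1/32" \
    "fromPort=80,toPort=80,protocol=tcp,cidrs=0.0.0.0/0" \
    "fromPort=443,toPort=443,protocol=tcp,cidrs=0.0.0.0/0"
}

# Apply the rules to instance $1 for admin IP $2, then show the result.
harden_instance() {
  infos=$(build_port_infos "$2") || return 1
  # Switch the instance to IPv4-only networking (the "Disable IPv6" tip).
  aws lightsail set-ip-address-type --resource-type Instance \
    --resource-name "$1" --ip-address-type ipv4
  # $infos is left unquoted on purpose: each rule must be its own argument.
  aws lightsail put-instance-public-ports --instance-name "$1" \
    --port-infos $infos || return 1
  aws lightsail get-instance-port-states --instance-name "$1"
}

# Usage (placeholder instance name; checkip returns your current public IP):
#   harden_instance WordPress-1 "$(curl -s https://checkip.amazonaws.com)"
```

If your home IP changes, SSH will be locked out until the rule is updated, which you can still do from the Lightsail console or by re-running the function.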
My Thoughts?
Lightsail is a great piece of kit, allowing anyone to get up and running with a website (and other services) in a matter of minutes, without needing any in-depth knowledge of AWS. There will be more cost-effective options out there but having the AWS backbone hosting your website is always a good point. Plus, things like automatic backups and snapshots just make life easy. Score one for the cloud.