Categories
Vultr Wordpress

WordPress + SSL+ 2FA $5/Month with Vultr Step by Step for Beginners

This is a step by step breakdown of how to build a WordPress website with SSL encryption with 2 factor authentication on the Vultr cloud service.

If you have a Vultr account log in and move on to the next step, otherwise please use the following link to create your own Vultr account and receive $100 in credit to use toward your website and by using this link you will support my site as well so thank you.

Click on Products on the Left navigation window
Click the + sign on the right and Select “Deploy New Server”
This image has an empty alt attribute; its file name is image-3.png
Cloud Compute offers us the one-click wordpress option
Select the WordPress Application in the Server Type block. Since 2020 Vultr has offered WordPress on Ubuntu 18.04 which has made the process a little easier and less buggy.
I choose the $5 option here as it offers plenty of performance for WordPress. If you dont need WordPress and would like to build a very simple static website check out my tutorial here.

We can skip the Additional Features, Startup Scripts, SSH Keys & Firewall Group for this tutorial as we will not be using our own SSH program and instead we will SSH in directly through the Vultr interface Console later on in this tutorial.

We can now scroll down to Server Hostname & Label and enter in our Domain Name. If you dont have one yet I suggest getting one first as we cannot get an SSL certificate without one. I use Google Domains but you can use whatever service you like such as GoDaddy or Register.com. In the example above I am using Airfryfood.com which I will be building in this tutorial.
Deploy Now!
Now lets give Vultr a Moment while it is installing our new WordPress Virtual Private Server
Once our Server is Running we will have the following options available to us
Now if we click on our newly made server we will go to its properties page where we will have access to the console and our login credentials
As you can see above we have the login information for our WordPress administrator dashboard under the “Application Information” heading with the automatically created username and password for the security prompt put in place by Vultr. You can change this information as you build your website to something more familiar to you and we can remove the security prompt entirely which I show you later in this tutorial.
Above you will see Username and Password so we can log into the back end of our WordPress server. If you notice the Username is “root”, that is because its built on an Ubuntu server operating system and Vultr automatically gives you root access. This is fine for our purposes as we are the owner of our website but beware that when you are logged in as the root user all of your permissions on everything you do will be set as the root user. To put it simply sometimes we do not want to install certain applications as a root user, for those of you with some linux command line experience you know that you must use sudo before some of your commands, but when logged in as root you do not need to enter sudo.
Lets log into our freshly made WordPress website using the following information provided to you under the Application Information heading. In my case i will copy and go to https://45.32.82.221/wp-admin/ where I will get a “Your connection is not private” prompt the first time I log in.
Just click on Advanced and proceed to website, we will fix this later once we set up SSL encryption
Now you should see a security prompt where we can enter in our automatically generated username and password from our Application Information heading under item #1
Now we are in the all too familiar for some of you WordPress basic setup prompts. Lets continue through until we are at the main page.
Fill out your information and click Install WordPress. If you are using the recommended password that is auto generated by WordPress dont forget to copy it somewhere safe, otherwise use a password that you yourself will remember. I personally am not too worried about using a weak password since once we set up two factor authentication 2FA a weak password wont really be an issue.
We are now all set up to a fully running WordPress website that is super secure because of the built in security prompt installed by Vultr, but were not done yet as we need to add our Domain Name A records and Cname and also obtain an SSL security certificate, and then for extra security we will be adding 2FA authentication so follow along.

Domain Name + SSL Encryption

The Lock Icon is what we are after

Depending on who you get your domain name through the process should be the same but your interface might look different from what I will show you below. I use Google Domains because I love all the freebies including unlimited DNS lookups and I just prefer Google 🙂 (Stay tuned for my Google Cloud Services Tutorials)

In your Google Domains account click on DNS and scroll down till you see your Custum Resource Records. if you are not using Google Domains as your Domain Name provider you need to create 2 records, an A Record and a CNAME.
To create our A record we simply add IP address of our website that you can locate in your Vultr server preferences or just look at the Address bar when your on you WordPress page in your browser
To create our CNAME we add “www” and select CNAME in the pulldown menu, we leave the 1H alone and add our domain name we purchased, in this example it is airfryfood.com. The 1H represents the refresh rate meaning every hour, but in my experience Google propagates our domain name very quickly and our site should be accessible in just a couple minutes using our Domain Name instead of our IP address
Great! Now our website can be accessed using our well thought out domain name but its still not secure. To secure it and get the trusty little lock icon in our address bar and avoid the privacy warning for first time users, we need to do a little command line magic which is super easy so follow along.
Back on our Vultr Preferences page we will select our running server and then at the top click on View Console which looks like a little Monitor Icon
A new page will pop up and this is a shell terminal into our server where we can install our certificate. To login we need to enter in our credentials with the user:root and accompanying password located back on our Server Information page
REMEMBER TO LOG OUT AT THE VERY END But I will of course remind you and don’t close this window but no biggie if you do.
Click the little eye icon to reveal your password and enter it manually (I know what a PITA) as we cannot or at least I can not copy and paste into this window. Take your time and notice there is no feedback when entering your password. And yes it is case sensitive.
Now that were all logged in lets install certbot and get this puppy an encryption certificate FOR FREE!
First things first lets stop the nginx service (nginx is the actual web server that serves your pages to the user

service nginx stop

Modify wordpress_http.conf + wordpress_https.conf

Back in our console we will modify our servers http and https apache configuration files using the examples below. (nano is a text editor that works inside the command line and IMO it is the only one with little to no learning curve, but feel free to use vim or emacs if you are so inclined).

nano /etc/nginx/conf.d/wordpress_http.conf
This is what you will see when you open the wordpress_http.conf file in nano so lets make a few changes here
With our first change we will add our domain name after the server_name as in the example above. Remember to delete the _ after server_name
Ctrl + X to save and then Enter/Return to confirm and quit
Now lets modify our wordpress_https.conf file

nano /etc/nginx/conf.d/wordpress_https.conf
This is what our https file looks like before we modify it
Here is the part we need to add in our domain name. Use the example above as a reference but your really just replacing the underscore with your domain name just like we did with our http file.
Ctrl + X to save and then Enter/Return to confirm and quit
service nginx restart

If you get an error use the commands below

fuser -k 80/tcp
fuser -k 443/tcp

At this point if you had any problems loading your website this should resolve that but you may have an issue with your image uploads. In my experience this would be caused by a permissions error in your uploads folder which we can resolve with the following command: chmod -R 755 /var/html/wp-content/uploads for those of you who are interested we are recursively changing the permissions of the uploads folder to owner/read/write/execute=7 group/execute=5 user/execute=5

Lets Continue:

Lets modify our wp-config.php file. If we dont we can still load our page but our CSS and images will not load so……

nano /var/www/html/wp-config.php

And we just need to change the FORCE_SSL_ADMIN to true and also lets define our siteurl and wp home as in the example above

Install SSL Certificate

Above is my example for reference and below is the code snippet that you can use for your Domain. Since we are on Ubuntu 18.04 we do not need to install certbot and can just run this all in one command that will create and install your certificate and force all traffic through https. (For you wordpress pros out there this means you dont even need to modify your wp-config.php file to force https)

certbot --nginx --redirect -d yourdomainname.com -d www.yourdomainname.com -m your@email.com
A for Agree
I trust these people so I choose Y for yes but you can choose N for no if you dont want to share your email
You should now be back at the Command Line with a congratulatory message. If you check your website and everything shows up nice and neat great but it your browser still says not secure click on the not secure logo and check to see if your certificate is valid. If it is indeed valid give it an hour and check back or go through another browser and see if you get a lock icon. Sometimes browsers and switches need time react.
Our website is now secured with the absolutely necessary now a days lock icon and will not display a privacy warning to your users

Automatically renew your Certificate

To automate the renewal process we will create a cron job. In the Linux operating system we can execute code at specific times with just a couple of commands and Vultr has been kind enough to document this for me so here I present it to you. In fact if you want to do more Vultr has most of what I have done here documented which you can find with a quick Google search

after we execute crontab -e select the # 1 so we can use nano to edit our crontab file or select the editor of your choice instead
At the end of the file add the following line of code to renew your certificate every 10th of the month at 3:20am and log it to le-renew.log file

20 3 10 * * /usr/bin/certbot renew >> /var/log/le-renew.log

2 Factor Authentication or 2FA

Lets log into ypur WordPress Dashboard at www.yourwebsite.com/wp-admin and add a new plugin to enable 2FA. Remember at this point if we are not already logged in we will need to use the Vultr generated credentials in our Server Preferences page to unlock the pop up prompt and then enter in our user created login credentials to get into our dashboard
In the search bar on the right type 2FA and you will be presented with many different options to enable 2 factor authentication for your site
This one works great, is super easy, doesnt require any information or extra permissions and is completely free with no ads but feel free to choose the plugin that suits your needs
Once activated just go to the menu item in your dashboard navigation window and get your iphone or android device out with your authenticator app of choice. I personally recommend eithe Google Authenticator or Microsoft Authenticator but there are so many choices out there feel free to pick the one you like.
Once set up we will have an additional security prompt where we can enter in our token generated by our authentication app

Remove Vultr Generated popup

THIS CAN NOT BE UNDONE! SO ONLY PROCEED IF YOU ARE CONFIDENT YOUR PASSWORD IS SECURE OR IF YOU HAVE A SIMPLE PASSWORD YOU HAVE SET UP 2FA AS IN THE EXAMPLE ABOVE

To remove the login prompt with the Vultr generated credentials FOREVER just run the following command that Vultr has so kindley provided in their one-click wordpress

/opt/vultr/remove-htaccess.sh

Before we close this window you can logout as the root user by simply typing:

logout

We must do this otherwise the session will continue for a while and this is bad practice

And we are done! Thanks for following along and I hope this will help people create easy and affordable websites without any hassle or extra research and development time. If you like what you see and would like to contribute please Donate or check out my YouTube channel and subscribe. Thanks and be safe out there.

3 replies on “WordPress + SSL+ 2FA $5/Month with Vultr Step by Step for Beginners”

Hi there would you mind letting me know which hosting company you’re working with? I’ve loaded your blog in 3 completely different web browsers and I must say this blog loads a lot quicker then most. Can you suggest a good web hosting provider at a reasonable price? Kudos, I appreciate it!