I decided to move everything to AWS. Moving everything gave me the flexibility a geek wants in terms of customization. I was using the regular wordpress.com account and sadly paid for it. I lacked a ton of customization abilities, which was by design. I was mainly only able to make blog posts and not a whole lot else.
I used AWS heavily in the past and loved how easy it was to create an EC2 instance, create RDS, make a CloudFront distribution and whatnot. The costs of hosted WordPress and of doing it myself are comparable. I believe I get much stronger reliability, flexibility and overall customization.
Firstly, I registered paulhitt.com on AWS Route 53. This enabled me to have DNSSEC capabilities. I then created a CloudFront account and attached it to paulhitt.com and went through the process of associating it with Route 53 DNSSEC. The process was fairly straightforward. I can come up with ways to be able to spoof and get around the process, but that's another topic.
Once all the DNS stuff was in place, the next step was to log in to AWS and create an EC2 instance (Ubuntu instance) and an RDS instance. As much as I do enjoy system administration, if I am going to pay a couple extra bucks a month (if that) I will let Amazon deal with the patching and uptime. I then created a CloudFront distribution that was associated with an S3 bucket I made for the content (images, CSS, JS, all that static stuff).
Installing WordPress was straightforward. Perform the following:
sudo apt-get install php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-cli php7.0-cgi php7.0-gd
# download the release archive that the next command unpacks
wget https://wordpress.org/latest.tar.gz
tar -xvf latest.tar.gz
sudo rsync -av wordpress/* /var/www/html/
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
# the sample config now lives in the web root, so rename and edit it there
sudo mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
sudo vi /var/www/html/wp-config.php
Change DB_NAME, DB_USER, DB_PASSWORD, DB_HOST to whatever RDS says they are. I made the RDS instance non-public so that it stops some future break-in attempts and limits the attack surface.
Then go to https://api.wordpress.org/secret-key/1.1/salt/ and replace the matching key and salt definitions in wp-config.php with the generated values. Navigate to http://<localhost>/wp-admin or http://<whateverIPorHostname>/wp-admin and finish the install.
That’s it! WordPress should be installed on AWS.
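A check for the wp-config.php steps above, as an added example that is not part of the original post. The placeholder strings are the ones that ship in wp-config-sample.php; the function name audit_wp_config and the sample config are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. audit_wp_config prints one line
# per finding and returns the number of findings (0 = clean).
audit_wp_config() {
    local cfg="$1" n=0 k
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }

    # Keys and salts must be defined and must not keep the placeholder text
    # that ships in wp-config-sample.php.
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        if ! grep -Eq "define\( *'$k'" "$cfg"; then
            echo "UNSET $k"; n=$((n + 1))
        elif grep -E "define\( *'$k'" "$cfg" | grep -q 'put your unique phrase here'; then
            echo "PLACEHOLDER $k"; n=$((n + 1))
        fi
    done

    # Database settings must not keep the sample values; with RDS, DB_HOST is
    # the instance endpoint, so localhost means the edit was skipped.
    for k in database_name_here username_here password_here localhost; do
        if grep -E "define\( *'DB_(NAME|USER|PASSWORD|HOST)'" "$cfg" | grep -q "'$k'"; then
            echo "SAMPLE_DB_VALUE $k"; n=$((n + 1))
        fi
    done

    # chmod -R 755 leaves the file, and the DB password in it, world-readable.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "WORLD_READABLE $cfg"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: one placeholder key, six keys missing, DB_HOST untouched.
demo=$(mktemp)
cat > "$demo" <<'EOF'
<?php
define( 'DB_NAME', 'blog' );
define( 'DB_USER', 'wp' );
define( 'DB_PASSWORD', 'constructed-not-a-real-secret' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'constructed-random-value' );
EOF
chmod 644 "$demo"
audit_wp_config "$demo" || echo "$? finding(s)"
rm -f "$demo"
```

On the server, run it as `audit_wp_config /var/www/html/wp-config.php`. A WORLD_READABLE finding is expected after the `chmod -R 755` step and goes away once the file is restricted to its owner, for example with mode 600.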
I made a couple of extra tweaks. I found https://deliciousbrains.com/wp-offload-s3/ extremely handy and useful. This plugin will rewrite the CSS/JS and other files to an AWS S3 bucket in a CloudFront distribution. This increases the speed and accessibility of the website's static content tremendously since it is more local and cached.
My final word of advice: I did some screwing around with Apache2 and SSL. If you use the letsencrypt certbot and it keeps giving errors, but you still go to the site and the certificates are properly installed and verified, assume the certbot software is still beta. I kept getting error after error, but after a few trials and tests, everything seemed to be OK.