The project was hosted using Amazon EC2, with a t2.micro instance running Amazon Linux.

• Used to protect the web application from common web exploits by setting up custom rules.
• Implemented to monitor the health and performance of the instance, including alarms for high network traffic.
• Integrated for scalable storage with backup capabilities.
• Assigned an Elastic IP address for public access to the instance.
• Deployed WordPress on the EC2 instance using the LAMP (Linux, Apache, MySQL, PHP) stack.
• Configured HTTPS using self-signed certificates and later upgraded to a CA-signed certificate via Cloudflare.
• Implemented using the WordFence plugin for enhanced login security.
• Configured Cloudflare for DNS management, SSL/TLS encryption (v1.3), and DDoS protection.
• Enabled 2FA, performed real-time traffic analysis, and added firewall protection.
• Monitored file integrity, user activity, and login attempts.
• Used for brute-force attack protection and login attempt monitoring.
• Applied security configurations such as strong password policies, session timeout, and TLS enforcement.

• An AWS account with EC2 access.
• A domain name (optional; used Get.tech for this project).
• Basic knowledge of Linux command line and WordPress.
• Select Amazon Linux 2023 AMI and use the t2.micro instance type.
• Configure network settings to allow SSH, HTTP, HTTPS traffic from anywhere.
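• Allocate an Elastic IP and associate it with the instance.

```bash
# Bring the base system up to date
sudo yum update -y
# Install Apache, PHP and the MariaDB server
sudo yum install httpd php mariadb-server -y
# Start Apache now and enable it at boot
sudo systemctl start httpd
sudo systemctl enable httpd
# Start MariaDB now and enable it at boot
sudo systemctl start mariadb
sudo systemctl enable mariadb
# Interactive hardening of the MariaDB installation
sudo mysql_secure_installation
```

• Download and configure WordPress by setting up a database in MariaDB and editing the wp-config.php file.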
• Install necessary PHP extensions and libraries.
• Install SSL using OpenSSL and set up a self-signed certificate.
• Later, configure Cloudflare for DNS management and obtain a CA-signed certificate for HTTPS.

• WordFence for 2FA and real-time monitoring.
• Sucuri Security for file integrity monitoring.
• Jetpack for brute-force protection.
• Set up AWS CloudWatch for instance health monitoring.
• Use Datadog for additional instance health insights.
To ensure the security of the web application, multiple vulnerability testing tools were used:

• Performed static and dynamic vulnerability scanning of the WordPress website.
• Generated reports showing no high or critical vulnerabilities.
• Used advanced scan options to detect 20 medium-risk vulnerabilities related to SSL and outdated software, which were mitigated by updating SSL and server packages.
• Assessed the attack surface of the web application, checking for input validation and authentication weaknesses.
• Scanned open ports and checked for unnecessary services running on the server.
• Specifically focused on WordPress vulnerabilities, revealing initial security risks that were resolved with plugin updates and secure configurations.
| Threat | Vulnerability | Mitigation Technique | Tools Used |
|---|---|---|---|
| Unauthorized Access | Weak password policies | Enforced strong password policies and 2FA | WordFence, AWS Cognito |
| Brute Force Attack | Repeated login attempts | Implemented captcha and account lockout policies | Jetpack, AWS WAF |
| Data Theft | Lack of secure communication | Enabled HTTPS with a CA-signed certificate | Cloudflare |
| DDoS Attack | Resource overload | Deployed AWS WAF and Elastic Load Balancer | AWS WAF, Cloudflare |













