LiteSpeed Fundamentals

Let's look at the advantages of using LiteSpeed over Apache and nginx

In this lecture we look at the differences between LiteSpeed and Open LiteSpeed and why LiteSpeed is better suited to hosting multiple WordPress sites.

In this lecture we look at the various LiteSpeed licenses

A working knowledge of WordPress is all your need, I'll teach you all you need to know to start self hosting your WordPress sites using LiteSpeed web server.

A text editor, a web browswer and a terminal emulator is all your need to complete this course. Linux and MACOS users, you can use terminal. Windows users, depending on the version of Windows you're using, you can use wither Git Bash or Windows Terminal Preview. No software purchase of any kind is required. All the required software is free.

I need to discuss a few aspects about this course.

You can use any domain registrar, but I recommend you use Cloudflare's FREE DNS services. 

In this lecture I discuss Virtual Machines and why it's pointless using a VM.

If you are new to Linux, it's important that you complete this section of the course. The Essential Skills section will teach you the beginner Linux skills you need to complete this course and start self hosting your WordPress site successfully.

This lecture is the end of Section One of the course.

This lecture looks at Linux distributions and how they relate to this course.

You are going to be using "terminal" to configure your server, so it's important that you understand what a terminal emulator is and more importantly, how it is used to administer a server.

In this lecture you are going to start using terminal, its important that you familiarize yourself with the terminal window layout.

Understanding the Linux file system lays the groundwork for later aspects of the course. Equally important is the skill to navigate the file system.

Understanding what is meant by users and groups in Linux and how they relate to ownership and permissions is very important.

Ensuring that the correct ownership and permissions are set correctly on files and directories is the first step in hardening your server and your web application. In the course we will set the ownership and permissions based on the WordPress codex and the principle of least privilege.

We are going to be using the built in editor Nano to edit various configuration files, so it's important for you to be able to use Nano correctly. We are also going to look at configuration file layout in this lecture.

This lecture deals with how you install software on your server. You make use of the Package Manager to install packages - software - from the official Ubuntu repository on your server.  Using the package manager is almost like using a mobile app store.

In this lecture we will look at the Server Fingerprint, which ensures you don't fall victim to a "Man in the Middle" attack. We'll also look at ssh key authentication, which allows for "passwordless" server logins.

In this lecture we look at automating commands using bash scripts. We also look at the built in scheduler, CRON. CRON will be used to automatically renew our SSL certificates.

This lecture also concludes the Essential Skills Section of the course.

Your journey to self hosting WordPress sites starts here. You are going to create a server instance and start the process of configuring your server.  No support from your host is required, the course covers everything you need to know.

Initially, you will login to your server as the ROOT or Administrative user and start the process of configuring your server. Working as the root user can be "dangerous", so after completing a few configuration steps, we will create a new user and login as the new user. We will also block the root user from logging in.

You will continue configuring the server, as a non root user.

You will not login using a password, but rather using ssh key authentication. In this lecture you will configure ssh key authentication and login using ssh key authentication.

A config file allows you to login to a server by typing the command an an alias, no complicated commands to remember. Quick and easy server login using a "config" file.

From a security aspect, it's important that the packages - software - installed on your server is kept up to date. This lecture looks at the update process.

The firewall is the most important step in server hardening. We will use the following policy: lock everything down and only open what's needed for the server to function without issue. We will look at enabling a firewall policy on the server and also enable a "cloud" firewall that will stop attacks before they even reach your server.

Brute force attacks are an everyday occurrence when administering your own servers. Fail2Ban stops brute force attacks by banning the offending IP address.  This requires no interaction on your part, setup Fail2Ban and it will "protect" your server from brute force attacks.

In this section we are going to further harden the server as well as start to optimize the operating system to help us squeeze every bit of performance we can get out of the server. You cannot tune LiteSpeed for performance and security without first tuning the server operating system for performance and security

As the /run/shm space can be exploited we need to secure this space in shared memory

: The TCP/IP stack default configuration needs to be hardened.

We'll set the timezone to your local time

The TCP/IP stack default configuration needs to be optimized.

We are going to install Tuned. Tuned is a profile-based system tuning tool that enables both static and dynamic tuning of system settings.

For a performance boost, we are going to disable the filesystem from keeping track of the last time a file was accessed or read

In the event of your server running out of memory, it can make use a ssd space as virtual memory. SWAP is to help prevent your server crashing in the event you run out of memory.

By default, the maximum number of open files allowed per process is set very low. Since sockets are considered files on a Linux system, this limits the number of concurrent connections as well. We need tom increase the maximum number of open files allowed per process.

We'll start off by ensuring that the server packages are updated and that there are no pending reboots due to the updates.

You also need to open port 7080 to access the web admin console. This adds a huge brute force attack target. Your web admin console will constantly be attacked by bots. What we are going to do, is open the port but only to your IP address.

As LiteSpeed is a commercial product the installation process is a little different to installing a package from a repository.

You need to purchase the ALWAYS FREE license. Your license details will be sent to the email address you provided when purchasing the license. Then you download LiteSpeed to your server and install. The process is straight forward and should present no issues.

To configure LiteSpeed you'll use the LiteSpeed Web console. It's much easier using the web console than editing configuration files using nano.

We are going to install MariaDB from the official repositories. After installing MariaDB, we need to harden the default settings, by running the built in MySQL secure installation script.

Further optimization will follow...

We are going to install LiteSpeed PHP. LiteSpeed PHP is an optimized compilation of PHP built to work with LiteSpeed products through the LiteSpeed Server Application Programming Interface (LSAPI)

We need to configure LiteSpeed to process php. Unlike Apache, which has php processing embedded into the application, LiteSpeed is like nginx, where php processing is handed off to an API for processing.

The php.ini file is optimized for the LSWS. As such, very little needs to be changed by us, all we need to do is tweak the settings to help ensure the php environment is better suited to hosting WP sites.

To complete the course, you'll need a domain name. You'll also need to create two DNS records and then point those records to your server.

Configuring a mail server with postfix or sendmail requires a large number of steps to be performed and a careful configuration, due to all the services that need to be configured. Some of the steps include DKIM, SPF, DMARC, Reverse DNS, etc. Mail server administration is a complex, time consuming task and way beyond the scope of this course. Using postfix or sendmail for transactional mail is also not needed.

An easy solution is to make use of MSMTP and a third party mail provider for your mail from the server.

Virtual Hosts are used to host multiple web sites using a single IP address. What that means is you can host multiple web sites on a single server. We are going to create three virtual hosts.

Before installing our WP site, we need to create the database. We will be using a MySQL fork, MariaDB, as our Database Management System.

We won't be installing phpmyadmin for advanced database administration as it's a target for attack. Rather than using phpMyAdmin, I recommend you use a MariaDB client, that is installed locally and not on the server. We'll look into this aspect shortly.

You need to create the database, then, you need to add a database user, give that user a password and give the user privileges on the database. By giving a user privileges, you are giving that database user the right to execute a particular sql statement.

To install a WordPress site, we are going to take the following steps.

Download WordPress  and extract the WP files from the gz file.

You then need to configure .htaccess and wp-config.php, after which you move the files to your virtual hosts root directory.

The last step is the famous 5-minute WordPress install

We are going to install a sub domain WordPress site.

In this section of the course you are going to:

• install free Lets Encrypt SSL certificates for all of your sites

• configure LiteSpeed to obtain an A+ rating for your certificate configuration

• setup automatic renewal of the ssl certificates

• secure the http headers to ensure a safer browsing experience for visitors.

In this section, you are going to harden WordPress, starting with DDoS. A DDoS attack occurs when a server's bandwidth resources are overwhelmed by attackers.

In this lecture, you are going to configure the built in LiteSpeed Brute Force Protection option.

We are going to enable the LiteSpeed Web Application Firewall. The WAF will filter and monitor HTTP traffic between our WP site and the Internet. It will detect and block bad requests, such as cross-site scripting (XSS), SQL injection, and cookie poisoning by matching them to known signatures WAF operates through a set of rules often called policies. We are going to install the Comodo MODSEC rule sets.

LiteSpeed has built in hotlinking protection.

Hotlinks are requests made from an external website to files on your own website often referred to as "leeching". They are stealing your content and driving up your hosting costs by stealing your bandwidth. Once LiteSpeed hot linking protection has been setup, your site content and bandwidth cannot be stolen.

Setting the correct ownership and permissions on your WordPress files and directories is very important.

A major downside of using a server WAF are false positives. Administering a WordPress site with a WAF enabled, can be difficult task as the WAF can end up blocking theme, plugin and even core WP functionality.

If you are experiencing issues when the WAF is enabled, rather look at using a WordPress WAF.

With any WordPress site, the aim is to query the database as little as possible. The more you query the database, the slower your site will be. Now, to speed things up, we need to cache the database queries. This is what object caching does. Object caching stores database query results that have been loaded. So, next time these queries are requested, the database is not queried and the results are served from memory. This results in a much faster WordPress site.

WordPress has object caching built is, but it's not persistent and it only lasts while the query is being made, that is only a single page load. This is not very efficient. What we need to do is implement a persistent object cache configuration, so that persists for subsequent page loads. For this we are going to use either Memcached or Redis.

In this lecture you will install and configure Memcached

In this lecture you will install and configure Redis.

Caching is the process of storing frequently-accessed data in a temporary storage location so it can be reused for subsequent requests.

When a visitor requests a page or post from your site, the web server receives the request and using PHP, sends a query to the MySQL database. After retrieving the requested information from the database, WordPress uses PHP to compile this data into a html page and the page is returned to the user. The page returned to the user can include images, JavaScript, CSS and even videos.

Serving pages in this manner is "expensive". Expensive in the sense of requiring server resources to process the request. You cannot query the database and have php build a html page on every request from a client. Your site will be slow and require huge amounts of resources. Under load your server will slow down and it may even crash, due to the memory demands of the database, php and LSWS.

For this reason you need to setup different layers of caching.

PART ONE: I've split this lecture into two parts...

To optimize WP, we are going to make use of the LiteSpeed Caching plugin.

The LiteSpeed Cache for WordPress plugin is not just a caching plugin, it's an all-in-one performance and optimization plugin.

The long list of features and exclusive features are a testament to the fact that no other optimization plugin is needed.

Best feature of all, the LiteSpeed Cache for WordPress plugin is 100% free.

PART TWO: I've split this lecture into two parts...

To optimize WP, we are going to make use of the LiteSpeed Caching plugin.

The LiteSpeed Cache for WordPress plugin is not just a caching plugin, it's an all-in-one performance and optimization plugin.

The long list of features and exclusive features are a testament to the fact that no other optimization plugin is needed.

Best feature of all, the LiteSpeed Cache for WordPress plugin is 100% free.

Adding Cloudflare to your site adds an additional layer of performance and security to your site. It's important that Cloudflare is setup correctly, this lecture ensures that.

PART ONE:

Database optimization is best performed over a period of time. As each site is unique, I can only give you the recommended starting values. Then you need to make use of mysqltuner and optimize your db settings on a monthly basis.

The golden rule of database optimization, higher is not always better. Be conservative and increase values in small increments.

There are no quick fixes when it comes to database optimization. It needs to be done on a continual and regular basis.

PART TWO:

Database optimization is best performed over a period of time. As each site is unique, I can only give you the recommended starting values. Then you need to make use of mysqltuner and optimize your db settings on a monthly basis.

The golden rule of database optimization, higher is not always better. Be conservative and increase values in small increments.

There are no quick fixes when it comes to database optimization. It needs to be done on a continual and regular basis.

We won't be installing phpMyAdmin on the server, as it's a huge target of attack.

If you prefer to use a GUI based application to perform administration tasks: e.g. creating a database, running queries, and adding user accounts it's best to use a MariaDB client. In this section I'm going to setup DBEAVER to securely connect to our server. The convenience of a GUI based application with the security of the command line.

In this lecture I'm going to discuss my plugin recommendations for the follow categories:

• Backups and Site Migration

• Security

• Mail Marketing

• Comments

LiteSpeed is a commercial product and unless you are using the free license, you need to pay a monthly fee for a license.

LiteSpeed offers many advantages over Apache and nginx. Performance is stunning when compared to Apache and LiteSpeed is much easier to configure when compared to nginx.

Having knowledge of and being able to configure LiteSpeed is an important skillset as more and more clients are starting look at hosting using LS. It's also an additional service you can offer your clients, albeit at a slightly higher price due to the license that needs to be purchased. Most clients don’t mind paying extra when you explain the benefits and advantages of using LiteSpeed over Apache and nginx.

In this lecture I'll we'll look at the different LiteSpeed licenses.

In this section we are going to look at upgrading and downgrading LiteSpeed. LiteSpeed can be upgraded and downgraded with no downtime, quick and easy.

In this lecture we cover installing LiteSpeed using a trial license and a paid license.

In this lecture we cover the LiteSpeed license migration process, this is the process of moving your license to a new server. If you use my workflow, your sites will experience zero downtime.

Thank you for taking my course.