I created a droplet from DigitalOcean. And installed WordPress with LEMP (Ubuntu 18.04, PHP-FPM, Ngix server).
Also Cloudflare’s cache everything rule is activated and working well with brotli, minifying etc.)
My questions are these:
All of above options are enough? Or should I use any additional caching way? I mean that CF cache everything rule will be enough or Should I install any WP cache plugin or Fastcgi cache (for caching html and php)?
Should I use Autoptimize plugin only instead of any cache plugin? or which caching way do you recommend for me?
And last, is there any simple guide for essential nginx security configuration? I want to make my server secure but I don’t know anything…
In that case dont bother with the webserver configuration and make sure your firewall configuration is properly set to only allow inbound web connections from Cloudflare addresses listed at https://www.cloudflare.com/ips/
Not Nginx related. Make sure it is not reachable on a system level. On Linux that would be either iptables (or its successor nftables). If you use a different system you’d need to use other applicable tools respectively.
As long as the operating system does not accept non-Cloudflare addresses the webserver configuration is secondary. Not that you should neglect it, a secure webserver is important, but the point is the primary block should happen on an operating system level and not webserver level.