Cloud Security Project 2026

Project Overview

This project demonstrates the implementation of comprehensive security measures for a WordPress deployment on AWS EC2. The infrastructure has been hardened following industry best practices and tested using professional security tools.

    ┌─────────────────────────────────────────────────────────────┐
    │                    ARCHITECTURE OVERVIEW                     │
    └─────────────────────────────────────────────────────────────┘

    InMotion Hosting (DNS Only)          AWS Cloud (Infrastructure)
    ┌─────────────────────────┐          ┌─────────────────────────┐
    │                         │          │     EC2 Instance        │
    │  cloudsec.davidtkeane.com   │────DNS──▶│  Amazon Linux 2023      │
    │                         │   A      │                         │
    │  - Subdomain A Record   │ Record   │  ┌───────────────────┐  │
    │  - Points to EC2 IP     │          │  │  Apache (httpd)   │  │
    │                         │          │  ├───────────────────┤  │
    └─────────────────────────┘          │  │  WordPress + Sec  │  │
                                         │  ├───────────────────┤  │
    Note: InMotion provides DNS          │  │  MariaDB / MySQL  │  │
    resolution only. ALL security        │  ├───────────────────┤  │
    testing targets the AWS EC2          │  │  PHP 8.x          │  │
    instance infrastructure.             │  └───────────────────┘  │
                                         │                         │
                                         │  CloudWatch | IAM | SG  │
                                         └─────────────────────────┘

Important: DNS is handled by InMotion Hosting (subdomain A record). All infrastructure, security controls, and testing are performed against the AWS EC2 instance. This separation demonstrates understanding of DNS vs hosting architecture.

Security Measures Implemented

✓ AWS Security Groups - Restricted port access (SSH, HTTP, HTTPS only)
✓ SSH Key-Only Authentication - Password login disabled
✓ CloudWatch Monitoring - Real-time alerts and logging
✓ SSL/TLS Encryption - HTTPS enforced with Let's Encrypt
✓ WordPress Hardening - Security plugins, 2FA enabled
✓ Wordfence Firewall - Web Application Firewall active
✓ Login Protection - Rate limiting, failed login lockout
✓ File Permissions - Secured wp-config.php and directories

Technology Stack

AWS EC2 Amazon Linux 2023 Apache MariaDB PHP WordPress Wordfence Let's Encrypt CloudWatch

Security Testing

Command Line Tools (Run from Kali/Local)

🔍

Nmap Scanning

Port scanning and service detection

nmap -sV -sC [target]

🛡

WPScan

WordPress vulnerability assessment

wpscan --url [target]

🛠

Nikto

Web server security scanner

nikto -h [target]

🔐

Nessus

Comprehensive vulnerability scanner

Target: [domain]

Online Scanners (Click to Run Live!)

🔒

SSL Labs Test

Click to test HTTPS configuration

RUN LIVE

📜

Security Headers

Click to check HTTP headers

RUN LIVE

🔬

Mozilla Observatory

Click for comprehensive scan

RUN LIVE

🛡

Hardenize

Click for infrastructure audit

RUN LIVE

Live Testing: The online scanners above will test the actual cloudsec.davidtkeane.com site in real-time. Command line tools (Nmap, WPScan, Nikto) must be run from Kali Linux or your local machine.

Project Links

WordPress Admin Secure Login (2FA)

Admin access demonstrates 2FA authentication and security plugin dashboard