= Is self hosting a WordPress site on residential internet viable? =
I've been looking into hosting a WordPress site on my home server rather than paying for hosting. With my current internet plan I have 100 down 15 up, which is unfortunately the maximum my ISP offers in my area. I'm just looking to post a simple blog. What can I honestly expect traffic wise? How many visitors would it take for there to be a noticable impact on my internet usage?
Traffic wise youâÃÂÃÂre unlikely to have any major issues, unless your site is particularly media heavy.
However, you could proxy your site through CloudflareâÃÂÃÂs free plan and if you setup the various Wordpress SEO / caching plugins correctly, youâÃÂÃÂll offload a load of traffic to Cloudflare and itâÃÂÃÂll massively reduce the amount of data being uploaded from your home server when someone visits your site.
You might also want to check that there arenâÃÂÃÂt any restrictions from your ISP on hosting websites via your home internet connection, including terms of use and technical restrictions (eg CGNAT). If you donâÃÂÃÂt have a public IP address then setting up a cheap VPS and WireGuard would work, but then you might as well host WordPress on there too unless there are specific reasons you want it on your home server.
If OP decides to use Cloudflare any CGNAT issues / ISP restrictions on inbound ports can be mitigated by just publishing the site via a Cloudflare Tunnel (
cloudflared binary).
It's generally more performant and is a more secure way of getting a service online with Cloudflare anyway and certainly a lot less hassle than VPS fronting etc.
I host about 10 services from home that arevisible (30 services total). The way I handle this is:
Lock down my ISP router to only allow port 80 and 443 inbound, disable all UPnP too.
Run a dedicated firewall (Untangle) and geo block all countries except my own. I have a very small blog and most of my services are for me only, so I don't need global availability. This blocking cuts nearly all the port scan attempts. The F/W also runs intrusion detection and matches (blocks) against known compromised IP addresses, so it's stopping pretty much everything.
All my services are run via an nginx reverse proxy which does name match pass only. If the URL entered doesn't exactly match it gets dropped. My A records are random strings for the most part (apart from the blog) so would be pretty impossible to guess and are not publicised anywhere. Every services is SSL only with certbot autorenewal. Connections on port 80 are auto redirected to 443.
All services run in containers on Kubernetes so any compromise if very limited in scope.
Everything is logged and all services have 20 character passwords plus 2FA, so they cannot be brute forced on password generation. Fail2ban picks up repeated failed attempts and blocks for 30days.
I have a full Veeam license (dev license) that allows me to back up to AWS S3 every day for recovery. S3 is versioned so I only have 1 "copy" in the cloud and 29 "versions", giving me a full month rollback if required. I also maintain 2 local copies on a NAS and an external USB3 drive.
Lastly I have a script that runs every hour that scans my ISP IP against my R53 A record (I have one A record and 20 or so CNAME records, so I only have to change one for the script) and changes it should my ISP force an IP change. They sometimes do this around midnight every 2 weeks or so, but sometimes I can get an ADSL drop during the day which will also result in a new IP address.
The geo block caught me out recently. I activated that in my unify firewall recently, and blocked most countries. Turns out that some services hosted in such countries wonâÃÂÃÂt function - even if the originating request comes from your PC. My wife wasnâÃÂÃÂt too amused when she wasnâÃÂÃÂt able to access her company portal anymore, nor could do her timesheet.. apparently those services are hosted in some lower cost countries for her employerâÃÂæ
In my case fail2ban allows 1 failed attempt in a 24 hr period and upon that failure it perma bans the IP. All access to the service via SSH is logged and an email is sent. I use a quite elaborate SSH jump server that requires 8k bit rsa.
Fail2ban covers a plethora of services that are run on my home servers.
I've been doing precisely this for the better part of the last 20+ years.
I also happen to have a /28 from all of the providers I've had service with, so that becomes easy, with 16 public-facing static IPs to work with.
You may want to route it through cloudflare to block Russian, Chinese and other well known countries from accessing the site. Otherwise you will have a lot of regular "visitors".
Once I did that I barely get any visitors in my site.
Is it technically the same if I want to allow Russian and Chinese visitors but blocking theUnited States of America from visiting the site?
I don't believe in this approach, expecially if your traffic is not restricted to your country. Just let the firewall be triggered on suspicious access and ban permanently each address; at least that's what I did. Beside security analytics can be difficult or straight impossible with a CDN on front. SSL, service abstraction (container, vm) and every other security levels are implied
Or use pfsense as your router. Add pfblocker-ng and use geoip blocking to block any country you wish.
You sure can. But its much more convenient to host your site on a low cost shared hosting for $10-$12 per year. You can even host your site on a low cost vps for $15-$20 per year. Electricity cost of running a x86 server will be much more than $20 per year I think, so it does not make sense to run a whole server just to host a blog. If you plan on doing much more with the server, then maybe its worth hosting it locally.
If you really want to host your site locally, then I would suggest buying a raspberry pi or some pi clone like orange pi. Then host the website on that, those small single board computers consume lot less energy.
To be quite honest, I'd be surprised if anyone but yourself, some friends your told, and, depending on your SEO, some random people on the internet found their way to your site. As long as you don't have more than say 3-5 concurrent users I would think you would be good. I'd say maybe 10ish concurrent users to notice a dip in upload speeds.
I'm planning on writing articles and sharing them on social media. I'm hoping I get more visitors than that, but I wouldn't hold my breath.
== About Community ==
Members
Online
Reddit
