I understand your situation when your website is hacked, So when it is hacked you must take down the machine and check what is exactly happened in that machine, Checking logs etc.
- I would suggest you to User AWS WAF, AWS WAF is Managed Service if your application is in Single Ec2 machine its not possible to you WAF so you can use either Load Balancer or CDN before integration of WAF.
- You can AWS predefined WAF rules to block unwanted traffic for example bots, query based, SQL injection rules etc
- If your application is Wordpress, Please check plugins updated and do. not install unverified plugins.
- Do Configure SSL certificate for the encryption in tranist, if you use load balancer so you will get free SSL from Certificate Manager.
Please check reference architecture https://docs.aws.amazon.com/solutions/latest/aws-waf3-security-automations/overview.html
Please let me know if you have any questions.
Thank You Ganesh
Wordpress website hosted on AWS downs frequentlyasked 2 months ago
Amazon Polly Not Working on my Websiteasked 20 days ago
my website is down even after paymentasked 4 days ago
Unable to access my Website on EC2asked 17 days ago
Lightsail website not workingasked 3 months ago
Website has been hacked notification on google searchesasked 7 months ago
Shared AMI - Launched a bigger instance - None website is workingasked 2 years ago
My website is downasked 2 months ago
My website was hackedasked 6 months ago
My Website is Down and I Don't Know How to Get it Back Upasked 8 months ago