Free & Easy Staging Environments for WordPress Sites on AWS
If you are a web developer working with clients, running your own business website, or simply hosting your personal blog, you likely want to have a way for you or your customers to privately preview changes before they are made public. With Twingate Starter, you can easily create a private staging environment that is completely inaccessible from the public internet but still shareable with collaborators or clients — all without setting up a VPN, port forwarding, static IP addresses, or configuring DDNS.
In this guide, we’ll walk through how to set things up on WordPress running on Amazon Lightsail, but the same general steps also work if you use other solutions like AWS EC2, Digital Ocean, or Linode. Please also join us in our community forum to share and discuss your experience and any other use cases you’ve discovered!
Amazon Lightsail is an easy way to get up and running on AWS and comes with pre-configured instances of WordPress to make it really fast to start building a website, and it is free for the first 3 months. Please follow the short guide here to create an instance if you don’t already have one.
Restrict access to your Lightsail instance
After the quick setup, you (or anyone else) are now able to access your WordPress site via the Public IP address associated with your Lightsail instance. Since we want to restrict access to our staging environment, we can go to the “Networking” tab and remove the HTTP/HTTPS access rules under the “IPv4 Firewall” section.
If you try the Public IP address again, you should find that it’s no longer accessible.
In the rest of this guide, we’ll show you how to use Twingate to grant yourself (or any other trusted party) secure, private access to your instance via just the Private IP address.
Sign up for Twingate
Twingate Starter is a new free plan that is designed for home and personal use. If you don’t have an account already, please click here and follow the simple steps to sign up for a Starter account and begin the initial setup.
Create a Remote Network
After creating a Twingate account, from the main “Network” page, add a new Remote Network and give it a name. This represents the network we’re going to connect to — in this case, our Lightsail instance.
Add a Connector
The next step is to deploy a Twingate Connector, which is a piece of software that allows for secure access to your remote network and the services running on it. In addition to Lightsail, it can also be deployed to other cloud instances (AWS EC2, GCP, Azure, etc.) as well as your home devices, including:
In this case, we’ll set it up on our Lightsail instance. Click on one of the automatically generated Connectors (the names are random) and complete the following steps:
- Click on Linux as the deployment method
- Generate tokens. You’ll be prompted to sign in again, after which you should see two new tokens.
- Copy the automatically generated shell command. You will soon run this command on your Lightsail instance to install the Connector there.
Go to your Lightsail instance, and under the “Connect” tab, click the “Connect using SSH” button.
This will open up a new window with a Linux terminal connected to your instance. Paste in and execute the command that was generated by your Twingate Connector (your tokens and Twingate URL will be different).
After just a minute or so, the command should complete and you should see that the Connector status has turned green, indicating that you’ve successfully deployed the Connector on your Lightsail instance.
Add a Resource
Go back to your Remote Network and click on the “Add Resource” link. You’ll see a popup like the one below. Click on the “CIDR Address” box, choose a Label name for the Resource, enter the private IP address of your Lightsail instance that’s displayed in the “Networking” tab of your Lightsail console, and click “Add Resource”. Congrats! You now have secure, private access to you Lightsail instance and can use it as a staging environment for your WordPress site.
Download the Twingate client
All that’s left to do now is to install Twingate on your device (we support Windows, Mac, Linux and have apps for iOS and Android) to authenticate your account and authorize your access to the instance. As an example, let’s walk through setting up the Twingate client on macOS.
First, download and install the macOS app here. Type in the Network URL that you chose when you signed up (the
[abc] part of
[abc].twingate.com) and click “Join Network”. You’ll be asked to log in using the same account you used to sign up. After signing in, you’ll see that Twingate is connected with access to the Resource you created.
Click on “Open in Browser…” and you should see your WordPress site is accessible via the Private IP address of your Lightsail instance, even though it’s not accessible via the Public IP address.
Finally, disconnect from Twingate and try accessing the site again — you should see that it’s inaccessible via both the Private and Public IP addresses.
Congrats! You’ve finished setting up Twingate for your Lightsail instance and used it to create a staging environment for your WordPress site. If you run anything else on your instance like a web app, you now have a private staging environment for those as well. Join us in the community forum to share how things went and what cool use cases you’ve discovered!
Sharing is Caring
Do you want to share access to the WordPress site with a client, collaborator, or friend? You can easily do this from the Twingate web UI. Just go to the “Team” tab and click “Invite User” to send an email invitation. The recipient would simply follow the same steps to download the Twingate client, join your network, and get access to the WordPress site, or any other resource you set up!
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
Announcing WebAuthn for Twingate Universal MFA
Twingate is excited to announce support for WebAuthn MFA, enabling customers to use biometrics and security keys for MFA.