I first read the idea of using VPN to access your AWS instances in one of many books about AWS (maybe it was AWS for Dummies?). Author created a EC2 instance based on AMI with OpenVPN. I decided to do the similar thing.
10 years ago I setup OpenVPN server myself right on the main router on my job. I had to compile it from sources and then configure. Now I am too lazy for that and found a nice article How to setup your private VPN on Amazon AWS. Thanks webdigi!
I quickly ran through there CloudFormation template and found nothing suspicious. It took actually less then 10 minutes to get up and running. And the first thing I did is denied SSH connections to my WordPress from all IPs except my VPN. Got illusion of safety and protection now 🙂