In this article we'll discuss some basic server security best practices you'll want to follow, to help ensure that your server and users remain secure.

By default, when we provision a new server for you, it should come with the latest stable, secure versions of all the server software that we provide. So typically, right from the start, your server should be secure against most common forms of attack. Read on below for common things you'll want to keep in mind regarding the overall security of your server.

Limiting access

One of the best ways to help secure your server is by limiting access so that only you or your team can reach it. By default, the firewall on your server will not allow any remote IP addresses to connect via the SSH (Secure Shell) service, which helps limit your exposure to some common security risks.

You'll also want to ensure that you have very secure passwords set up for all of your cPanel users, especially the main cPanel user, which is also your WHM (Web Host Manager) reseller account. That main cPanel account can log into WHM, and from there a potential attacker could reset the passwords on any of your other accounts, or add their IP address to the firewall so that they can connect directly to the server over SSH.

If you happen to have root access on your server, it's extremely important that this password is strong and not stored in an insecure location. If an unauthorized user logs into your server as the root user, they can do things such as clear the server's command history or install malicious binaries in place of valid ones. In most cases, when a server with root access is compromised, this requires an evacuation to a new server to ensure nothing is left behind.

Make your server secure enough to handle credit card data

In general, it's recommended to follow the PCI DSS (Payment Card Industry Data Security Standard) guidelines for server security, as these are the security requirements that your server must meet in order to pass a PCI scan, which allows you to accept credit cards and store that information directly on your server securely.

Some of the security recommendations could be a bit overkill for more general purpose websites, but when it comes to the security of your server it's always better to be safe than sorry. You can take a look at our article on how to pass PCI compliance scans for more information on the common things you can do to help further secure your server.

General application security and updates

Probably the most common way that a server's security is compromised is through an exploit in the third-party applications that you load onto your server. It's important to stay very vigilant in keeping up with your application's security updates, as well as updates for any plugins, themes, or other add-ons that you're using with that application.

Because these applications are on the Internet and accessible from anywhere, they are typically targeted again and again by hackers until they find an exploit that allows them access. Once this information is known to the public, the application's developer will typically patch the exploit in a newer version. When you don't upgrade to the latest version provided by your application, you run the risk of being hacked.
