Server security best practices
Written by Jacob Nicholson
In this article we'll discuss some basic server security best practices you'll want to follow, to help ensure that your server and users remain secure.
By default, when we provision a new server for you, it should come with the latest stable, secure versions of all the server software that we provide. So typically, right from the start, your server should be secure against most common forms of attack. You can continue to read below for common things you'll want to keep in mind regarding the overall security of your server.
One of the best ways to help secure your server is to limit access so that only you or your team can reach it. By default, the firewall on your server will not allow any remote IP addresses to connect via the SSH (secure shell) service, which helps limit your exposure to some common security risks.
You'll also want to ensure that you have very secure passwords set up for all of your cPanel users, especially the main cPanel user, which is also your WHM (Web Host Manager) reseller account. That main cPanel account can log into WHM, and from there a potential attacker could reset the passwords on any of your other accounts, or add their IP address to the firewall so that they can connect directly to the server over SSH.
If you happen to have root access on your server, it is extremely important that this password is strong and not stored in an insecure location. If an unauthorized user logs into your server as the root user, they can do things such as clear the server's command history or install malicious binaries in place of valid ones. In most cases, when a server with root access is compromised, this requires an evacuation to a new server to ensure nothing is left behind.
Make your server secure enough to handle credit card data
In general, it's recommended to follow the PCI DSS (Payment Card Industry Data Security Standard) guidelines for server security, as these are the security requirements that your server must meet in order to pass a PCI scan, which allows you to accept credit cards and store that information directly on your server securely.
In some cases, some of the security recommendations could be a bit of overkill for more general-purpose websites, but when it comes to the security of your server it's always better to be safe than sorry. You can take a look at our article on how to pass PCI compliance scans for more information on the common things you can do to help further secure your server.
General application security and updates
Probably the most common way that a server's security is compromised is through an exploit in the 3rd-party applications that you load onto your server. It's important to stay very vigilant in keeping up with your applications' security updates, as well as updates for any plugins, themes, or other add-ons that you're using with those applications.
Because these applications are on the Internet and accessible from anywhere, they are typically targeted again and again by hackers until they find an exploit that allows them access. Once this information is known to the public, the application's developer will typically patch the exploit with a newer version. When you don't upgrade to the latest version provided by your application, you run the risk of being hacked.