Cloud Server Security – Best Practices

Learn About the Best Practices for Cloud Server Security

Cloud server setup can vary widely, as you are free to use any combination of software and applications to fit your needs. Opting for a cloud server rather than a cPanel-managed VPS gives you greater control over your Linux operating system (OS) and environment.

But this also means it’s your responsibility to implement measures to protect the cloud server and the data stored on it from unauthorized access, cyberattacks, and other security threats.

While cPanel administrators use Web Host Manager (WHM) features to harden servers, you’ll need to manually install the necessary software once you upgrade to a cloud server. This guide covers best practices for cloud server security.

Choose the Right Operating System (OS) For You

One of the first things to consider is the operating system you will install on your cloud server. There are many options available, so select the one that suits your needs and the experience level of your system administration team.

Also, keep in mind that you can easily change the operating system (re-OS) of your cloud server at any time with InMotion’s Cloud Server Hosting. Here are some basic tips to help you decide on the best option for you.

  • Are you used to managing cPanel with RPMs and CentOS commands? Maybe stick with CentOS.
  • Do you need the latest features and software versions – stable or not? Check out Ubuntu.
  • Do you prioritize stability and minimalism? Try Debian.

Configure a Firewall

Some OSs don’t include a preinstalled firewall, but many are available to choose from. Check whether Uncomplicated Firewall (UFW) or Firewalld is installed. If not, install one of them, or ConfigServer Security & Firewall (CSF), and only open the ports you need. Here are some guides to help you get set up. Keep in mind that these are popular options, but you can install any firewall that you prefer.

UFW (Uncomplicated Firewall)

UFW is a fast, easy way to install and configure a firewall on your cloud server.

Firewalld

Firewalld is another very popular firewall option for securing your Linux-based cloud server.

Whether you’re running Apache or Nginx, install ModSecurity for additional signature-based protection.

Close/Change Default Ports

Since commonly opened ports can be a target of attacks, closing or changing them can reduce the chances of this occurring. You can use the Network Mapper (Nmap) tool to scan your server for detailed information about port status.

Once you have determined which ports are open, you can decide to change or close them as needed. A popular change is to switch the SSH port from 22 to something else.

We also have a helpful guide on how to close open ports for PCI compliance if that is needed.

Use SCP For Secure File Transfer

If you are closing port 21, which is usually used for FTP, you will need another way to handle file management. SCP is based on SSH and uses the same port.

Control Access

It’s important to manage access to your server by limiting who is able to authenticate and login. Here are some ways to control access.

Disable Password Login

By default, password authentication is disabled on your server. This greatly reduces the risk of an unwanted login and requires you to use SSH Keys to access your Cloud Server.

Use SSH/SFTP

Since SSH keys are required before you can access your cloud server, you have the ability to manage them directly from your Account Management Panel (AMP).

Utilize Groups/Roles

If you have users who need the same level of access, it is helpful to create a group. You can then set the permissions or “roles” for the entire group at once. Now any users assigned to that group will have the same permission level. This can often be managed with the chmod command.

You can also create regular user accounts, so you only use root access when it is required. In many cases, it’s better to use the normal user account, and sudo when administrator privileges are required. This makes access log auditing easier by minimizing the expected activity for the root user account.
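As an added example (not InMotion Hosting's own tooling), the script below checks the text of an sshd_config file against the access practices in this section and the SSH port change mentioned earlier. The function names and the sample configuration are constructed for illustration, and Include files and Match blocks are not evaluated.

```python
import re

# OpenSSH built-in defaults, applied when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Global settings as sshd resolves them: the first value seen for a
    keyword wins, except Port, which may repeat and accumulates."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # Match blocks are conditional; not evaluated here
        if key == "port":
            ports.append(value)
        else:
            settings.setdefault(key, value.lower())
    merged = {**DEFAULTS, **settings}
    merged["port"] = ports or ["22"]
    return merged

def audit(config_text):
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("password login is enabled")
    if s["pubkeyauthentication"] != "yes":
        findings.append("SSH key login is disabled")
    if s["permitrootlogin"] != "no":
        findings.append("root can log in directly")
    if "22" in s["port"]:
        findings.append("SSH listens on default port 22")
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """Port 2222
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match User deploy
    PasswordAuthentication yes
"""
print(audit(SAMPLE) or "no findings")
```

On a live server, `sshd -T` prints the effective configuration, including any Include files, and its output can be fed to the same checks.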

Install an SSL Certificate

cPanel servers rely on AutoSSL to maintain Comodo-signed, domain-validated (DV) SSL certificates. Without server management software, you’ll need to manage SSL certificates manually or use external tools. There are many websites that will issue SSL certificates for you, such as letsencrypt.org. But you can also purchase SSL certificates from AMP if needed.

We recommend installing Certbot to generate and automate SSL certificates. Then ensure all traffic is forced to port 443 (HTTPS).

Security HTTP Headers and Subresource Integrity (SRI)

Figure: Valid HSTS header for a domain

Security HTTP headers and SRI work alongside your SSL certificate to protect your visitors’ privacy and help prevent cross-site scripting (XSS). Start with Strict-Transport-Security (HSTS) to enforce SSL usage in browsers, and Referrer-Policy to limit the referrer information sent to analytics software. Then slowly work on Content-Security-Policy (CSP).

Submitting your website for preloading at Hstspreload.org isn’t required or recommended for websites that aren’t proactively maintained. It’s still a good practice to use the web application to check your HSTS header.
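As an added example (not code from Hstspreload.org or InMotion Hosting), the script below reviews a Strict-Transport-Security header value: it rejects values that do not conform to RFC 6797 and notes where a valid header falls short of the preload list requirements. The function names and messages are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org minimum

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.
    Raises ValueError when the value does not conform to the grammar."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"directive repeated: {name}")
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def review_hsts(value):
    """Return a list of review notes; an empty list means nothing to fix."""
    try:
        p = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    notes = []
    if p["max_age"] == 0:
        notes.append("max-age=0 switches HSTS off for returning visitors")
    elif p["max_age"] < PRELOAD_MIN_AGE:
        notes.append("max-age is under one year")
    if not p["include_subdomains"]:
        notes.append("subdomains are not covered")
    if p["preload"] and (p["max_age"] < PRELOAD_MIN_AGE
                         or not p["include_subdomains"]):
        notes.append("preload is set but the preload requirements are not met")
    return notes

# Constructed sample values.
print(review_hsts("max-age=63072000; includeSubDomains; preload"))
print(review_hsts("max-age=300"))
```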

DNS Security (DNSSEC)

Add Domain Name System Security Extensions (DNSSEC) to your server, or enable DNSSEC with Cloudflare, to validate your websites to internet users with secure DNS resolvers.

InMotion Hosting nameservers and a long list of popular TLDs support DNSSEC, including .com, .net, and .org. Contact your domain registrar for more information.

Update Applications/OS

Ensure all installed software is updated regularly to address security patches and known vulnerabilities. If any software you use can’t alert you of available updates via email or log entry, follow the developer’s official social media account(s) or RSS feed. If you need assistance upgrading your server OS, contact our InMotion Solutions team.

Other Considerations

Prevent Data Loss With Backups

Having backups of your server environment is an important consideration when securing your cloud server, as it can help reduce the damage caused by malware, hacks, or breaches.

You can easily create server snapshots in AMP, but keep in mind that you cannot restore individual files from a snapshot. Therefore, create and verify server backups at least monthly. It’s also beneficial to store backups on another server or location so they would not be affected by a problem on this server.

If you use Webmin, Vesta Control Panel, or another server management suite, learn how to create, verify, and download server backups manually and automatically. The redundancy ensures you always have a way to create and restore backups.

Audit Regularly

Regularly assessing the security of your cloud server should be a priority. If you have a complex server environment requiring many open ports, consider using Nmap to audit your setup. After auditing, you can try to pressure-test any identified or suspected weaknesses. If any vulnerabilities are detected, they can then be addressed.
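As an added example (not part of the original guide), the script below supports both this audit step and the earlier port review: it reads Nmap's grepable output (`nmap -oG`) from a scan of your own server and compares the open ports with the ports you intend to expose. The allowed-port policy, function names, and sample scan output are constructed for illustration.

```python
# Assumed policy: SSH moved to 2222, plus HTTP and HTTPS.
ALLOWED = {(2222, "tcp"), (80, "tcp"), (443, "tcp")}

def open_ports(grepable_text):
    """Map host -> set of (port, proto) reported open in `nmap -oG` output."""
    result = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        found = result.setdefault(host, set())
        # The Ports field ends at the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.add((int(fields[0]), fields[2]))
    return result

def drift(grepable_text, allowed=ALLOWED):
    """Per host: ports open but not allowed, and allowed ports not open."""
    report = {}
    for host, found in open_ports(grepable_text).items():
        report[host] = {"unexpected": sorted(found - allowed),
                        "missing": sorted(allowed - found)}
    return report

# Constructed sample scan output (192.0.2.0/24 is a documentation range).
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 2222/open/tcp//ssh///, 80/open/tcp//http///, "
    "3306/open/tcp//mysql///, 21/closed/tcp//ftp///\tIgnored State: filtered (996)\n"
)
print(drift(SAMPLE))
```

An entry under "unexpected" is a port to close or firewall, while an entry under "missing" points to a service that is down or blocked.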

Install an Anti-Virus Scanner

Does your web application allow users to upload files? If so, you should have an AV scanner check those files for malware signatures upon upload and periodically afterward as changes occur. Here are some popular options:

Training

There are many free cybersecurity training platforms and vulnerability assessment tools available to help you learn more about securing your website or Linux in general.

I recommend starting with cybersecurity awareness training from DoD Cyber Exchange.

Additional Support Resources

InMotion Solutions specializes in custom server-level configurations and optimizations. Ask Live Support about Launch Assist to help you get started and to learn about your allotted Managed Hosting time.

Community Support Center is the place to engage the community for support, alternatives, and additional assistance. Remember, the forum is not a live chat support medium and InMotion administrators do not have access to your hosting account. For immediate assistance with support and billing, contact our 24/7 Live Support.


Congratulations, you should now understand the best practices for how to secure your cloud server hosting. We recommend bookmarking our Cloud Server Hosting Product Guide for future reference.

InMotion Hosting Contributor Content Writer
