{"id":48325,"date":"2019-10-09T08:50:26","date_gmt":"2019-10-09T12:50:26","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=48325"},"modified":"2024-10-31T15:03:37","modified_gmt":"2024-10-31T19:03:37","slug":"ways-to-harden-your-vps-hosting","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/","title":{"rendered":"Securing Your VPS: 24 Ways to Harden Server"},"content":{"rendered":"<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png\" alt=\"24 Ways to Secure Your VPS Hero Image\" class=\"wp-image-107762\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-300x158.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-768x403.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1.png 1200w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>There are many reasons to harden your VPS.\u00a0The best practices for <strong>VPS security<\/strong> involve learning the settings, steps, and options that are needed to keep your server secure.\u00a0You will also find yourself continually researching and updating your knowledge and software tools to keep your security up-to-date.\u00a0<\/p>\n\n\n\n<p>Server security depends on everyone who interacts with the server.\u00a0Due to this, it is important to keep in mind that all administrators working on the VPS are responsible for its security.<\/p>\n\n\n\n<p>This article will explain how to secure a VPS in 24 different ways.\u00a0Some of these items will focus on the server, whereas others will apply to your operating system, application, website software, and secure <a href=\"https:\/\/www.inmotionhosting.com\/vps-hosting\">VPS hosting<\/a>.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#firewall\">1. Use a Firewall \u2013 APF and CSF<\/a><\/li>\n\n\n\n<li><a href=\"#close-ports\">2. Close Unnecessary Ports<\/a><\/li>\n\n\n\n<li><a href=\"#change-SSH-port\">3. Change Default Listening SSH Port<\/a><\/li>\n\n\n\n<li><a href=\"#malware\">4. Malware AV Scanner<\/a><\/li>\n\n\n\n<li><a href=\"#intrusion\">5. Intrusion Detection Software<\/a><\/li>\n\n\n\n<li><a href=\"#brute-force\">6. Brute Force Security<\/a><\/li>\n\n\n\n<li><a href=\"#ssh-keys\">7. Use SSH Keys<\/a><\/li>\n\n\n\n<li><a href=\"#use-sftp\">8. Use SFTP Instead of FTP<\/a><\/li>\n\n\n\n<li><a href=\"#spam-filtering\">9. Spam Filtering<\/a><\/li>\n\n\n\n<li><a href=\"#disable-ipv6\">10. Disable IPV6<\/a><\/li>\n\n\n\n<li><a href=\"#disable-root\">11. Disable Root Logins<\/a><\/li>\n\n\n\n<li><a href=\"#limit-user-access\">12. Limit User Access<\/a><\/li>\n\n\n\n<li><a href=\"#drp\">13. Set up a Disaster Recovery Plan \u2013 Backups<\/a><\/li>\n\n\n\n<li><a href=\"#up-to-date\">14. Keep Everything Up-to-date<\/a><\/li>\n\n\n\n<li><a href=\"#monitor\">15. Monitor Server Logs<\/a><\/li>\n\n\n\n<li><a href=\"#strong-password\">16. Implement Strong Password Policy<\/a><\/li>\n\n\n\n<li><a href=\"#pci-compliance\">17. PCI DSS Compliance<\/a><\/li>\n\n\n\n<li><a href=\"#use-ssl\">18. Use SSL Certificates<\/a><\/li>\n\n\n\n<li><a href=\"#http-headers\">19. Security HTTP Headers and Subresource Integrity (SRI)<\/a><\/li>\n\n\n\n<li><a href=\"#php-versioning\">20. PHP Versioning<\/a><\/li>\n\n\n\n<li><a href=\"#disk-partitioning\">21. Disk Partitioning<\/a><\/li>\n\n\n\n<li><a href=\"#specific-security\">22. Specific Security for your Operating System<\/a><\/li>\n\n\n\n<li><a href=\"#training\">23. Training and Research VPS Security<\/a><\/li>\n\n\n\n<li><a href=\"#secure-hosting\">24. Find a Secure Hosting Service<\/a><\/li>\n<\/ul>\n\n\n\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"firewall\">1. Use a Firewall \u2013 APF and CSF<\/h2>\n\n\n\n<p>There are many types of firewalls that you can use for hardening VPS security.\u00a0It is important that you enable or configure one as soon as you have the server running.\u00a0Firewalls can help detect and prevent brute-force login attempts, port scans, and other network-based attacks within your web server traffic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">APF \u2013 Advanced Policy Firewall<\/h3>\n\n\n\n<p>Advanced Policy Firewall (APF) should be installed on your server by default. <\/p>\n\n\n\n<p>APF allows for easy management of your iptables firewall rules for things such as <a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/how-to-open-a-port-in-your-firewall\/\">opening ports in your firewall<\/a>.<\/p>\n\n\n\n<p>Here are some example commands:<\/p>\n\n\n\n<strong>Add IP to allowed hosts:<\/strong>\n<pre>apf -a 123.123.123.123 \u201cHome IP\u201d<\/pre>\n\n<strong>Block IP from server:<\/strong>\n<pre>apf -d 123.123.123.123 \u201cHitting login.php again and again\u201d<\/pre>\n\n<strong>Unblock a blocked IP:<\/strong>\n<pre>apf -u 123.123.123.123<\/pre>\n\n<strong>Block IP ranges:<\/strong>\n<pre>apf -d 123.123.123.123\/24 Not recommended<\/pre>\n\n<strong>Recommended way to block IP range from accessing port 80<\/strong>\n<pre>vi \/etc\/apf\/deny_hosts.rules d=80:s=123.123.123.123\/24<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">CSF \u2013 ConfigServer Firewall<\/h3>\n\n\n\n<p>ConfigServer Firewall (CSF) also allows for easy iptables management. CSF is more recent, and more robust, than APF. It allows for temporary blocking of IPs and has both SYN flood protection to help against SYN flood DDoS attacks, as well as LFD which is the built-in module that deals with brute-force login protection.<\/p>\n\n\n\n<p>Here are some example commands:<\/p>\n\n\n\n<strong>Allow an IP:<\/strong>\n<pre>csf -a 123.123.123.123<\/pre>\n\n<strong>Temp allow an IP:<\/strong>\n<pre>csf -ta 123.123.123.123 15s (s \u2013 seconds \/ h \u2013 hours \/ m \u2013 minutes \/ d \u2013 day)<\/pre>\n\n<strong>Block an IP:<\/strong>\n<pre>csf -d 123.123.123.123<\/pre>\n\n<strong>Temp block an IP<\/strong>\n<pre>csf -td 123.123.123.123 15s (s \u2013 seconds \/ h \u2013 hours \/ m \u2013 minutes \/ d \u2013 day)<\/pre>\n\n<strong>Unblock a permanent blocked IP:<\/strong>\n<pre>csf -dr 123.123.123.123<\/pre>\n\n<strong>Unblock a temporary blocked IP:<\/strong>\n<pre>csf -tr 123.123.123.123<\/pre>\n\n<strong>List temporary blocked IPs and durations:<\/strong>\n<pre>csf -t<\/pre>\n\n<strong>Remove all temporary IP blocks:<\/strong>\n<pre>csf -tf<\/pre>\n\n<strong>Log all SYN packets from an IP<\/strong>\n<pre>csf -w 123.123.123.123<\/pre>\n\n\n\n<p>For more details on what you can do with these firewalls, please see <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/server-security-best-practices\">Server Security Best Practices<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"close-ports\">2. Close Unnecessary Ports<\/h2>\n\n\n\n<p>You should close unnecessary ports in order to prevent their use by unauthorized traffic. In order to see the open ports on your server, you can run the <strong>netstat<\/strong> command. This will reveal all the open network ports and their associated services.\u00a0<\/p>\n\n\n\n<pre>netstat<\/pre>\n\n\n\n<p>You can also use the <a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/port-scan-with-nmap\/\">Nmap<\/a> command in order to discover hosts and services.\u00a0 <\/p>\n\n\n\n<pre>nmap domain.com<\/pre>\n\n\n\n<p>Some of nmap\u2019s options include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provide information on targets, including reverse DNS names, device types, and MAC addresses<\/li>\n\n\n\n<li>Host discovery \u2013 identifying hosts on a network<\/li>\n\n\n\n<li>Port scanning \u2013 identifying open ports<\/li>\n\n\n\n<li>OS detection \u2013 finding the operating system and hardware info of network devices<\/li>\n<\/ul>\n\n\n\n<p>Here is an example of the results from an Nmap scan:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"762\" height=\"484\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/nmap-scan-results.png\" alt=\"Viewing Nmap Scan Results\" class=\"wp-image-101589\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/nmap-scan-results.png 762w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/nmap-scan-results-300x191.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>To learn more about closing ports with APF, please see <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/close-open-ports-for-pci-compliance\/\">Close Open Ports for PCI Compliance<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"change-SSH-port\">3. Change Default SSH Listening Port<\/h2>\n\n\n\n<p>Port 22 is the default SSH port and it\u2019s open by default. Changing your server SSH port can protect you from a lot of less sophisticated attacks. If you\u2019re a cPanel administrator with root WebHost Manager (WHM) access, you should disable SSH access for cPanel accounts that don\u2019t need it.<\/p>\n\n\n\n<p>Below are the basic steps, but to learn more about changing the port, please see <a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/cloud-server\/how-to-change-your-server-ssh-port\/\">How to Change Your Server SSH Port<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Changing SSH Ports<\/h3>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li>Connect to your server via SSH as the root user.<\/li>\n\n\n\n<li>Edit your SSH config file in the following location:<br><pre>\/etc\/ssh\/sshd_config<\/pre><\/li>\n\n\n\n<li>Find the line containing<strong> #Port 22 <\/strong>and then remove the <strong>hashtag<\/strong> and replace <strong>22<\/strong> with the port you want to use.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"malware\">4. Malware AV Scanner<\/h2>\n\n\n\n<p>Malware is continually evolving and so must the systems that are used to monitor and remove it from your server.\u00a0Server security is not perfect.\u00a0Malicious traffic can get through.\u00a0\u00a0<\/p>\n\n\n\n<p>So, it\u2019s important that anti-malware software is installed, regularly updated, and\u00a0used. Anti-malware software should be considered essential and a required part of the steps to harden VPS security for your hosting account.\u00a0\u00a0<\/p>\n\n\n\n<p>If you are on a <a href=\"https:\/\/www.inmotionhosting.com\/managed-hosting\">managed hosting<\/a> server, chances are that your hosting team already utilizes software for this purpose.\u00a0They may not tell you their exact software (for security purposes), but you should inquire to make sure that they do regularly scan your server.<\/p>\n\n\n\n<p>ClamAV and Maldet are two open-source applications that can scan your server and identify potential threats. There are many other malware scanners\u00a0available with many requiring payment. Here\u2019s a list of free antivirus\/malware software:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/dave-theunsub\/clamtk\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ClamTk<\/strong> <\/a>\u2013 lightweight, quick, antivirus scanner; provides a graphic interface<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.comodo.com\/home\/internet-security\/antivirus-for-linux.php\" target=\"_blank\" rel=\"noreferrer noopener\">Comodo Anti-virus For Linux (CAVL)<\/a><\/strong> \u2013 features include antivirus scanning, anti-spam system, automatic updates, and scan scheduling<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.sophos.com\/en-us\/free-tools\" target=\"_blank\" rel=\"noreferrer noopener\">Sophos for Linux<\/a><\/strong> \u2013 antivirus\/malware scanning with scheduling, low impact on system resources<\/li>\n\n\n\n<li><a href=\"http:\/\/www.chkrootkit.org\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ChkrootKit<\/strong> <\/a>\u2013 checks system binaries for rootkit modification; also includes other scripts to check for deletions<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.tecmint.com\/install-rootkit-hunter-scan-for-rootkits-backdoors-in-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">RootKit Hunter<\/a><\/strong> \u2013 lightweight security monitoring tool that scans for rootkits and various other threats to LInux systems.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"intrusion\">5. Intrusion Detection Software<\/h2>\n\n\n\n<p>Intrusion detection software monitors network activity and alerts an administrator when a suspicious event occurs.\u00a0 Some intrusion detection software can immediately react to specific trigger events.\u00a0 These automated responses can help prevent large-scale attacks because of their early reaction times.<br><br>Fail2Ban is software that monitors system logs and blocks hackers after multiple failed logins.\u00a0Beyond Fail2Ban, there are a number of intrusion detection software applications that you may consider.\u00a0These include:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.ossec.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">OSSEC<\/a>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/www.tripwire.com\/products\" target=\"_blank\" rel=\"noreferrer noopener\">Tripwire<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wazuh.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wazuh<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"brute-force\">6. Brute Force Security<\/h2>\n\n\n\n<p>Brute force security is used to prevent multiple login attacks in an effort to crack password logins. There are different solutions that can use to help stop brute force attacks including plugins, firewalls, and cPanel\u2019s cPHulk.  Fail2ban can also be used to help stop brute force attacks as it monitors logins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">cPHulk<\/h3>\n\n\n\n<p>The cPHulk Brute Force Protection application that cPanel provides works at the Pluggable Authentication Module (PAM) level to detect failed login attempts. Once a set number of failed login attempts has been reached, cPHulk will block any further login attempts from the IP address that had been attempting them.<\/p>\n\n\n\n<p>Because cPHulk blocks IPs at the PAM level, it\u2019s safe to blacklist entire blocks of IP addresses such as a certain country, without having to worry about users from those IPs not being able to access your websites or email you. They will simply be denied access to attempt a login to one of the cPanel core services.<br><br>Learn more about <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/whm\/enable-cphulk-brute-force-protection\/\">enabling cPHulk Brute Force Protection<\/a> through InMotion Hosting.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CSF Login Failure Detection<\/h3>\n\n\n\n<p>The ConfigServer Firewall (CSF) can also be used in Brute Force protection by enabling <strong>LFD (Login Failure Detection)<\/strong>. You can enable the LFD brute force protection by editing:<\/p>\n\n\n\n<p>vi \/etc\/csf\/csf.conf<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">LF_DAEMON=1<\/pre>\n\n\n\n<p>You can use the LF_* settings down further in the file to set the login limits for each service on the server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ssh-keys\">7. Use SSH Keys<\/h2>\n\n\n\n<p>When you have multiple users logging into the server, one of the best ways to secure login is to use SSH-key authentication.\u00a0 With no password logins, using public and private key pairs ensures a secure login.\u00a0<\/p>\n\n\n\n<p>SSH keys work by using a public key and a private key.\u00a0The private key is kept hidden from the user, while the public key is shared with the server where they require access. The keys are matched during login allowing authentication without using a password.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"602\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/cpanel-ssh-keys-1024x602.jpg\" alt=\"cpanel SSH keys management interface\" class=\"wp-image-100899\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/cpanel-ssh-keys-1024x602.jpg 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/cpanel-ssh-keys-300x176.jpg 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/cpanel-ssh-keys-768x451.jpg 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/cpanel-ssh-keys.jpg 1115w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>cPanel makes it easy to manage and generate the needed keys.\u00a0You can see the cPanel interface in the screenshot above.\u00a0<\/p>\n\n\n\n<p>The complexity of the encryption helps to keep the login safe from brute-force attacks. You can learn how to create the keys in this tutorial: <a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/how-to-generate-ssh-keys\/\">How to Generate SSH Keys<\/a>.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"use-sftp\">8. Use SFTP instead of FTP<\/h2>\n\n\n\n<p>In the past, file management on your server used to take place via <a href=\"https:\/\/www.inmotionhosting.com\/support\/website\/ftp\/getting-started-guide\/\">FTP<\/a>, which stands for <strong>File Transfer Protocol<\/strong>. But, we now highly recommend utilizing SFTP instead to better protect and secure your server. Learn why FTP is insecure, why you should use SFTP instead, how to disable FTP on your whole server or for a specific cPanel user, then we\u2019ll show you how to use SFTP.<\/p>\n\n\n\n<p>Keep in mind that InMotion Hosting provides <a href=\"https:\/\/www.inmotionhosting.com\/support\/amp\/how-to-get-great-technical-support\/\">support<\/a> for SFTP on all of its hosting accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why is FTP Insecure?<\/h3>\n\n\n\n<p>FTP has been around for a very long time and was not designed with modern security practices in mind. With FTP, login credentials use plain text so they are not encrypted, this could possibly be intercepted during transmissions. Another issue is the data or commands you send and receive from your server could be exposed.<\/p>\n\n\n\n<p>When enabled, FTP servers can be a target of <strong>distributed denial-of-service attack<\/strong> (DDoS) attacks. This can negatively affect the overall performance of your entire server.<\/p>\n\n\n\n<p>Also, you should <em>never<\/em> enable anonymous FTP logins since it would allow anyone to upload\/download files from your server, which is a huge security risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Use SFTP?<\/h3>\n\n\n\n<p>SFTP, short for SSH FTP or Secure FTP normally uses a user and password login and can be accessed through SSH, an FTP Client (such as FileZilla), or with the FTP interface provided by the server software.<\/p>\n\n\n\n<p>To help provide better security, your servers will block all users by default. Users are only able to connect after their IP address has been whitelisted. This means that only the specific machines that are added to an \u201callow\u201d list will be able to connect and communicate with the server. All other users will be blocked.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to Disable FTP On the Server<\/h3>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li><a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/whm\/log-into-whm\/\">Login to WHM<\/a>.<\/li>\n\n\n\n<li>Search for FTP, then select the<strong> FTP Server Selection <\/strong>option in the <em>Service Configuration <\/em>section.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"295\" class=\"wp-image-101916\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1671.png\" alt=\"FTP Server Selection in WHM\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1671.png 615w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1671-300x118.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Set the <em>FTP Server<\/em> option to <strong>Disabled<\/strong>.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"321\" class=\"wp-image-101915\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1670.png\" alt=\"Disabling FTP Server in WHM\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1670.png 1015w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1670-300x129.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1670-768x329.png 768w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Click the <strong>Save<\/strong> button.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">How to Disable FTP For Specific cPanel Users<\/h3>\n\n\n\n<p>Since all cPanel users automatically are able to connect using FTP, you should also consider disabling access for each user. This would ensure they are only able to connect via SFTP.<\/p>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li><a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/how-to-login-ssh\/\">Connect to your server via SSH<\/a>, as the <a href=\"https:\/\/www.inmotionhosting.com\/support\/amp\/obtain-root-access\/\">root<\/a> user.<\/li>\n\n\n\n<li>Edit the <strong>\/etc\/ftpusers<\/strong> file. If it\u2019s not there already, you can create it with the following command.<br><pre>nano \/etc\/ftpusers<\/pre><\/li>\n\n\n\n<li>List each user that you want to block on a separate line, for example:<br><pre>joeuser01<br>joeuser02<br>joeuser03<br>joeuser04<\/pre><\/li>\n\n\n\n<li>Save your changes by clicking <kbd>Ctrl<\/kbd>+<kbd>O<\/kbd> then the <kbd>Enter<\/kbd> key.<\/li>\n\n\n\n<li>You can then verify the user was disabled by attempting to connect via FTP. In my test I received the following message:<br>Critical error: Could not connect to server<br><br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"276\" class=\"wp-image-101912\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1669.png\" alt=\"FileZilla - Critical error: Could not connect to server\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1669.png 796w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1669-300x110.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/12\/Selection_1669-768x283.png 768w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">How to Connect Using SFTP<\/h3>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li><a href=\"https:\/\/www.inmotionhosting.com\/ip\">Identify the IP address<\/a> of the computer you want to connect from.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.inmotionhosting.com\/support\/website\/add-ip-to-firewall\/\">Add the IP address to the server\u2019s firewall<\/a>.<\/li>\n\n\n\n<li>Finally, you can connect using an SFTP client such as FileZilla, WinSCP, or Cyberduck. Below are the default SFTP settings, for more detailed information, see our full guide on how to <a href=\"https:\/\/www.inmotionhosting.com\/support\/website\/ftp\/connecting-scp-sftp\/\">Connect with SFTP<\/a>.<\/li>\n<\/ol>\n\n\n\n<p>You can also learn more about SSH security and SFTP if you are using the <a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/cloud-server\/ssh-security-sftp-ubuntu-cloud-server\/\">Ubuntu Cloud Server<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"spam-filtering\">9. Spam Filtering<\/h2>\n\n\n\n<p>Spam filtering is very important as it helps prevent a vector for malware from making it to your server or users.\u00a0 It also will help keep the email server working through thousands of unnecessary emails that may be slowing your server down.<br><br>InMotion Hosting provides cPanel hosting that includes Spam Filters that is powered by SpamAssassin.\u00a0 To learn more, check our articles on <a href=\"https:\/\/www.inmotionhosting.com\/support\/email\/spamassassin-fighting-spam\/\">SpamAssassin: Fighting Spam<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"disable-ipv6\">10. Disable IPV6<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/dedicated-hosting\/ipv4-vs-ipv6\/\">IPv6 was created<\/a> because IP addresses in the IPv4 system were running out. However, most people are still only using iPv4.  <\/p>\n\n\n\n<p><strong>Currently, the use of iPv6 can make your server vulnerable to attacks.<\/strong>  <\/p>\n\n\n\n<p>Though your hosting service may support IPv6, it is currently recommended that it be disabled to help shut down a possible avenue of malicious traffic to your site. <\/p>\n\n\n\n<p>Inquire with your hosting service if they are supporting IPv6 and if they are planning to adapt it if they are not. If you are not familiar with disabling IPv6 you can request that they help with this request. If you wish to do it yourself, you will need to log into your server and run the following commands with root privileges.<\/p>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li>Use an editor to edit the <strong>sysctl.conf file<\/strong>.  It is located here: <strong> \/etc\/sysctl.conf<\/strong><\/li>\n\n\n\n<li>Add the following two lines:<br><pre>net.ipv6.conf.all.disable_ipv6=1<br>net.ipv6.conf.default.disable_ipv6=1<\/pre><\/li>\n\n\n\n<li>Next, run the following command to use those settings:<br><pre>sysctl -p<\/pre><\/li>\n<\/ol>\n\n\n\n<p>You can find more information in the <a href=\"https:\/\/support.cpanel.net\/hc\/en-us\/articles\/360053362374-How-To-Disable-IPv6#:~:text=To%20disable%20IPv6%20on%20SSH,this%20change%20to%20take%20effect.\" target=\"_blank\" rel=\"noreferrer noopener\">cPanel documentation<\/a> to disable IPv6.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"disable-root\">11. Disable Root Logins<\/h2>\n\n\n\n<p>Another way to harden VPS security is to disable Root access. Root access logins give you complete access to the server.\u00a0As the default user is \u201croot\u201d, it makes the system vulnerable to brute force attacks that try to gain access to the account.\u00a0 <\/p>\n\n\n\n<p>You can create a new username and then use the \u201csudo\u201d command to execute root-level commands.<\/p>\n\n\n\n<p>Make sure that you create your new admin account with the appropriate access levels before disabling the root account.<\/p>\n\n\n\n<p>You will need to have root access before changing the <em>PermitRootLogin<\/em> parameter in the <strong>sshd_config<\/strong> file.\u00a0Changing the value to \u201cNo\u201d will prevent the \u201croot\u201d user from being used to log in to the server.<\/p>\n\n\n\n<p><strong>Note: <\/strong>You can <a href=\"https:\/\/www.inmotionhosting.com\/support\/amp\/obtain-root-access\/\">request root access<\/a> to InMotion Hosting VPS accounts, but it is not provided by default.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Disabling root Logins<\/h3>\n\n\n\n<p>Before you begin, you should choose an existing cPanel account user that you want to elevate access for, or you can <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/cpanel\/create-cpanel-accounts-in-whm\/\">create a new cPanel account<\/a> that will include a new user. This user will essentially \u201creplace\u201d the root user.<\/p>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li><a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/whm\/log-into-whm\/\">Login to WHM<\/a>.<\/li>\n\n\n\n<li>Search for \u2018wheel\u2019 then click the<strong> Manage Wheel Group Users<\/strong> option under <em>Security Center<\/em>.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"338\" class=\"wp-image-101616\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-whel-group-users.png\" alt=\"VPS Security - Manage Wheel Group Users\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-whel-group-users.png 601w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-whel-group-users-300x135.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Under the section labeled \u201c<em>Add a user to the wheel group<\/em>\u201d select the user you want to use for root access and click the<strong> Add to Group<\/strong> button. You will then see a message stating that the user was added to the wheel group.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"338\" class=\"wp-image-101617\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-wheel-group-add-user.png\" alt=\"VPS Security - Add User to Wheel Group\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-wheel-group-add-user.png 523w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-manage-wheel-group-add-user-300x135.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Connect to your server via ssh with the new wheel user. For example:<br><pre>ssh imhtes14@12.34.567.89<\/pre><\/li>\n\n\n\n<li>Run the su command and enter your <strong>root<\/strong> password to change to the root user.<br><pre>su<\/pre>You should then see root@ listed in your terminal.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"135\" class=\"wp-image-101618\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-wheel-user-logged-in-as-root.png\" alt=\"VPS Security - View of the Wheel User Logged in as root\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-wheel-user-logged-in-as-root.png 1205w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-wheel-user-logged-in-as-root-300x54.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-wheel-user-logged-in-as-root-1024x184.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-wheel-user-logged-in-as-root-768x138.png 768w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>We will now edit the sshd_config file to disable the root user. In this example, I\u2019m using the nano command but you can use any editor that you prefer.<br><pre>nano \/etc\/ssh\/sshd_config<\/pre><\/li>\n\n\n\n<li>Locate the following line in the file:<br><pre>#PermitRootLogin yes<\/pre><br>Remove the hashtag \u2018#\u2019 in the line and change <strong>yes<\/strong> to <strong>no<\/strong>. It should then look like this:<br><pre>PermitRootLogin no<\/pre><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"259\" class=\"wp-image-101619\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-permit-root-login-no.png\" alt=\"VPS Security - Setting PermitRootLogin to No\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-permit-root-login-no.png 538w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-permit-root-login-no-300x104.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Save your changes. If you are using nano it will be <kbd>Ctrl+x<\/kbd>, the <kbd>y<\/kbd> key, then <kbd>Enter<\/kbd>.<\/li>\n\n\n\n<li>We will now restart ssh by <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/whm\/log-into-whm\/\">logging into WHM<\/a> and searching for \u2018openssh\u2019 then clicking the<strong> SSH Server (OpenSSH)<\/strong> link under <em>Restart Service<\/em>.<\/li>\n\n\n\n<li>Click the <strong>Yes<\/strong> button on the <em>SSH Daemon<\/em> page.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"326\" class=\"wp-image-101620\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-restart-ssh-daemon.png\" alt=\"VPS Security - Restarting SSH Daemon\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-restart-ssh-daemon.png 623w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-restart-ssh-daemon-300x130.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"limit-user-access\">12.  Limit User Access \u2013 Review and Manage users<\/h2>\n\n\n\n<p>In many cases, a server is accessed by multiple users. This requires that you monitor and manage the users who have access.\u00a0 You should regularly review the users who have access to the server.\u00a0\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring Users<\/h3>\n\n\n\n<p>To view a list of users through SSH, use the following command<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>getent \/etc\/passwd<\/code><\/pre>\n\n\n\n<p>This will display all users, including those authenticated through LDAP. If you are not using LDAP, then you can list all users using LESS to display the passwd file page by page.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>less \/etc\/passwd<\/code><\/pre>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Monitoring user activity in Linux will require the use of accounting utilities. These utilities are included in the <strong>psacct <\/strong>or <strong>acct<\/strong> package. You will need to install these packages and start the service. RPM-based Linux systems use <strong>psacct<\/strong>.<\/p>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li>Use this command to install the accounting utilities.  Note that some variations of Linux may have different installation commands.<br><br><code><strong>sudo apt install acct<\/strong><\/code><br><\/li>\n\n\n\n<li>When the installation is complete, use this command to enable it.<br><br><code><strong>sudo systemctl enable acct<\/strong><br><\/code><\/li>\n\n\n\n<li>You will then need to start the service like this:<br><br><code><strong>sudo systemctl start acct<\/strong><\/code><br><\/li>\n\n\n\n<li>Once the service is started, check its status with this command:<br><br><code><strong>sudo systemctl status acct<\/strong><\/code><br><\/li>\n<\/ol>\n\n\n\n<p>The options in the accounting utilities allow you to retrieve activities as stored by the root user. This includes all users in the installation. So, even if users clear their command line history, the records will still exist since they are saved with the root user.<\/p>\n\n\n\n<p>The accounting utilities include the following options to monitor user activity:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ac<\/strong> <em>user<\/em>\u2013 Displays statistics on specific user login time<\/li>\n\n\n\n<li><strong>lastcomm<\/strong> <em>user<\/em> \u2013 displays info on executed commands of a particular user<\/li>\n\n\n\n<li><strong>as -m<\/strong> \u2013 displays the number of processes and CPU minutes per user<\/li>\n\n\n\n<li><strong>dump-acct<\/strong> \u2013 transforms the output file to a human-readable format<\/li>\n<\/ul>\n\n\n\n<p>Use the <em>man <\/em>page for the commands to see all of their options.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>When you are reviewing your users, check the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The frequency of their access<\/strong>. Are they accessing the server excessively? Do they rarely access the server? If necessary, adjust their user rights or expiration dates.<\/li>\n\n\n\n<li><strong>Resource usage by users<\/strong>. You can identify the users that use higher levels of resources and then determine if changes are needed.<\/li>\n\n\n\n<li><strong>The validity of their access<\/strong>. Review what commands they use to ensure they have the appropriate access and are not abusing the server.<\/li>\n\n\n\n<li><strong>Current and obsolete users<\/strong>. Remove users who no longer need access to the server.<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Managing Users<\/h3>\n\n\n\n<p>The typical commands for managing users using SSH in Linux are <strong>useradd<\/strong>, <strong>usermod<\/strong>, and <strong>userdel<\/strong>.\u00a0 You will also find user account information in the<strong> \/etc\/passwd<\/strong> file.\u00a0 To add security to the password hashes in the<strong> \/etc\/passwd<\/strong> file, the <strong>\/etc\/shadow<\/strong> file was created.\u00a0 The <strong>\/etc\/shadow<\/strong> file is only readable by root.<\/p>\n\n\n\n<p>The <strong>\/etc\/shadow<\/strong> file contains the username, a hashed version of the password, the password change period, and the user\u2019s status.<\/p>\n\n\n\n<p>Examples of the <strong>useradd<\/strong>, <strong>usermod<\/strong>, and <strong>userdel<\/strong> commands:<\/p>\n\n\n\n<p><strong>Useradd <\/strong>is used to add users.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo useradd <em>username<\/em><\/code><\/pre>\n\n\n\n<p><strong>Usermod <\/strong>modifies users.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -l <em>new-user-name<\/em> <em>old-user-name<\/em><\/code><\/pre>\n\n\n\n<p><strong>Userdel <\/strong>removes users.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo userdel -f <em>username<\/em><\/code><\/pre>\n\n\n\n<p>Each command has many options best seen on the corresponding <em>man<\/em> page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Password Expirations<\/h3>\n\n\n\n<p> You can also set expiration dates on users and passwords with specific commands. To view a user\u2019s expiration date, use the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chage -l username<\/code><\/pre>\n\n\n\n<p>The output will appear like this:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Last pasword change                                   : Feb 5, 2023\nPassword expires                                      : never\nPassword inactive                                     : never\nAccount expires                                       : never\nMinimum number of days between password change        : -1\nMaximum number of days between password change        : -1\nNumber of days of warning before password expires     : -1<\/pre>\n\n\n\n<p>To change the expiration date:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>usermod -E 2023-02-28 <em>username<\/em><\/code><\/pre>\n\n\n\n<p>You can then repeat the <strong>chage<\/strong> command again to verify the change in the user expiration date.<\/p>\n\n\n\n<p>The period of time between password changes can also be set with the <strong>chage<\/strong> command. You can set the maximum number of days a password is valid, the minimum number of days between password changes, and the number of days of warning before a password change is required. <\/p>\n\n\n\n<p> This is an example of setting the max days for the password for an account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chage -M 30 <em>username<\/em><\/code><\/pre>\n\n\n\n<p>This command sets the maximum number of days between a required password change.  If you were to look at the aging information using <strong>chage -l<\/strong>,  and it would look like this:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Last pasword change                                   : Feb 5, 2023\nPassword expires                                      : never\nPassword inactive                                     : never\nAccount expires                                       : never\nMinimum number of days between password change        : -1\nMaximum number of days between password change        : 30\nNumber of days of warning before password expires     : -1<\/pre>\n\n\n\n<p>There are many command options, but the minimum and warning options are detailed below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>chage -m     <\/strong><\/td><td>Set the minimum number of days between password changes. If the value is \u201c0\u201d then the user may change the password at any time.<\/td><\/tr><tr><td><strong>chage -W<\/strong><\/td><td>Set the number of days of warning before a password change is required.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"drp\">13. Set up a Disaster Recovery Plan \u2013 Backups<\/h2>\n\n\n\n<p>Creating a disaster recovery plan involves your IT person or personnel responsible for the maintenance of your server.\u00a0 First, you will need to make sure that you are maintaining current and secure backups of your work.\u00a0\u00a0<\/p>\n\n\n\n<p>Your plan should take into account intrusion or loss of personnel and loss of services. You should have secure documents that allow you to recover your data and\/or logins.\u00a0 If you can restore your services on a different host, then you will be able to recover your data and operations with minimal fuss.<\/p>\n\n\n\n<p class=\"alert alert-info\"><strong>Backups should follow the 3\/2\/1 rule to prevent data loss:<\/strong><br>(3) Three copies of data stored on\u2026<br>(2) Two different types of media (e.g., remote server and local external drive) with<br>(1) One complete server backup stored off-site in a remote location (especially important in the case of natural disasters that might affect your hosting server)<\/p>\n\n\n\n<p>Your backup process should be automated and reviewed on a regular basis. What is your website and data worth to you? Chances are, it\u2019s priceless. Verify the integrity of your backups and make sure they are in a secure area.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How To Schedule Automatic Backups<\/h3>\n\n\n\n<p>With a VPS you have the ability to enable and schedule automatic backups for your cPanel accounts. Below are the basic steps, but we recommend our full guide on <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/cpanel\/setup-scheduled-cpanel-backups\">Scheduling cPanel Backups in WHM<\/a> for more detailed information.<\/p>\n\n\n\n<ol class=\"wp-block-list article_list\">\n<li><a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/whm\/log-into-whm\/\">Login to WHM<\/a> as the <a href=\"https:\/\/www.inmotionhosting.com\/support\/amp\/obtain-root-access\/\">root<\/a> user.<\/li>\n\n\n\n<li>Click the\u00a0<strong>Backup Configuration<\/strong>\u00a0option in the <em>Backup<\/em> section.<\/li>\n\n\n\n<li>Select the <strong>Enable<\/strong> option in the <em>Backup Status<\/em> section.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"356\" class=\"wp-image-101608\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-enable-backups.png\" alt=\"Enabling Automatic Backups in WHM\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-enable-backups.png 723w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-enable-backups-300x142.png 300w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>You can then choose your backup settings. Specifically, you can select the <strong>Daily<\/strong>, <strong>Weekly<\/strong>, or <strong>Monthly<\/strong> backups in the <em>Scheduling and Retention<\/em> section.<br><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"399\" class=\"wp-image-101609\" style=\"width: 750px;\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-backups-scheduling-and-retention.png\" alt=\"VPS Security - Backups - Scheduling and Retention\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-backups-scheduling-and-retention.png 934w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-backups-scheduling-and-retention-300x160.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/11\/vps-security-backups-scheduling-and-retention-768x409.png 768w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/li>\n\n\n\n<li>Click the <strong>Save Configuration<\/strong> button.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"up-to-date\">14. Keep Everything Up-to-date<\/h2>\n\n\n\n<p>Keeping all the software \u201cup-to-date\u201d may seem like common sense but it may be more complex than you think.\u00a0As an administrator, you should keep track of all the software and applications that require manual updates as well as the ones that automatically update.\u00a0\u00a0<br><br>Additionally, it is equally important to track software that does not update, especially over long periods of time.\u00a0Software that doesn\u2019t regularly update could become vulnerable to security issues.\u00a0Additionally, it may cause conflicts as your other systems are updated.<\/p>\n\n\n\n<p>For example, you may have plugins on your website that do not get updated.\u00a0But when the CMS software updates, your plugin may no longer operate correctly.<\/p>\n\n\n\n<p>While keeping track of all the software and applications that you run on your VPS may be a minor nightmare, it is more important that you have an understanding of what software you are using and make sure that is kept up-to-date in order to keep things safe and secure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"monitor\">15. Monitor Server Logs<\/h2>\n\n\n\n<p>Monitoring your website is another key step in the effort to harden VPS security.\u00a0You can monitor website logs that include traffic, resources, and errors.\u00a0<\/p>\n\n\n\n<p>You can also watch logs for the server that include the server load, resource usage\u00a0(CPU, memory, bandwidth, etc.), email logs, and web server logs.\u00a0This will keep you\u00a0informed about the health and load on the server.\u00a0\u00a0<\/p>\n\n\n\n<p>Regular monitoring will help you to establish a baseline as to how your server normally\u00a0performs versus when it\u2019s operating under a heavy load or with no load at all.\u00a0cPanel provides a number of logs that can help you with that specific cPanel account.\u00a0\u00a0<\/p>\n\n\n\n<p>To see a list of logs from cPanel see <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/cpanel\/cpanel-logs-for-access-apache-email-error-ftp-mysql-whm\/\">cPanel logs: Access, Apache, Email, Error, FTP, MySQL, and WHM<\/a>.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"strong-password\">16. Implement a Strong Password Policy<\/h2>\n\n\n\n<p>A strong password policy means that <strong><em>all <\/em><\/strong>personnel is required to use a password that meets the set security standards.\u00a0Having a strong password is important for <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/basic-security\/\">dedicated server security<\/a> and any other hosting account too. <\/p>\n\n\n\n<p>Password length of 8 characters or more, with at least 1 capitalized letter, a number, and a special character is a decent standard for security.\u00a0 Enforcement of this policy should be automated so that everyone must take part in it.<\/p>\n\n\n\n<p>Learn more in our article <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/password-strength\/\">Password Strength and Security<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pci-compliance\">17. PCI DSS Compliance<\/h2>\n\n\n\n<p>Many businesses require that servers by Payment Card Industry Data Security Standard (PCI DSS) compliant.\u00a0 This allows for a secure setting for online store payments. PCI compliance requires many of the security options that we have discussed in this article.\u00a0 They include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Current firewall configuration\u00a0<\/li>\n\n\n\n<li>Antivirus Software<\/li>\n\n\n\n<li>Network monitoring<\/li>\n\n\n\n<li>Regular Security Testing<\/li>\n\n\n\n<li>Unique IDs and strong passwords<\/li>\n\n\n\n<li>Cardholder data encryption on public networks<\/li>\n<\/ul>\n\n\n\n<p>To learn more about PCI Security standards, go to their website: <a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">PCI Security Standards.org<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"use-ssl\">18. Use SSL Certificates<\/h2>\n\n\n\n<p>SSL certificates are important in providing a secure connection between your web server and your visitor.\u00a0 It is important to have an SSL certificate that matches the needs of your website and business.\u00a0\u00a0<\/p>\n\n\n\n<p>While there are <a href=\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/auto-ssl-guide\/\">free SSL certificates<\/a> there are also many types of paid SSL certificates that can provide further authentication for your website. For instance, an Extended Validation SSL Certificate would authenticate not only the owner of the domain but also the validity of the business that claims to be the owner of the website. Although the encryption works the same way, this added layer of validation can help your visitors trust your website and business as one entity.<\/p>\n\n\n\n<p>If you are moving your website to a new location always keep in mind that the SSL certificate may be part of the <a href=\"https:\/\/www.inmotionhosting.com\/support\/amp\/transfer-ssls\/\">migration<\/a>.\u00a0In some cases, it may require assistance from your new host, but it should be considered a required step for your business site.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"http-headers\">19. Security HTTP Headers and Subresource Integrity (SRI)<\/h2>\n\n\n\n<p>HTTP Security headers are exchanged between a browser (or web client) and a server in order to authenticate the HTTP communication. There are many types of HTTP headers, but we\u2019ll list a few and describe them:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>X-Frame-Options HTTP Header <\/strong>\u2013 security header used to avoid UI Redressing attacks that started with Clickjacking.\u00a0 It is supported by all major browsers<\/li>\n\n\n\n<li><strong>Content-Security-Policy (CSP) <\/strong>\u2013 security header used to protect the website and visitors from cross-site scripting (XSS) attacks as well as data injection attacks.<\/li>\n\n\n\n<li><strong>HTTP Strict-Transport-Security (HSTS)<\/strong> \u2013 tells browsers that the website can only be accessed using HTTPS.<\/li>\n\n\n\n<li><strong>X-Content-Type-Options<\/strong> \u2013 used by the server to indicate that <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Basics_of_HTTP\/MIME_types\" target=\"_blank\" rel=\"noreferrer noopener\">MIME<\/a> types listed in the Content-Type headers should be used and not changed. Used to avoid <a href=\"https:\/\/www.keycdn.com\/support\/what-is-mime-sniffing\" target=\"_blank\" rel=\"noreferrer noopener\">Mime sniffing<\/a>.\u00a0 Mime sniffing is generally a precursor to XSS attacks because it can change the way the browser interprets an asset file making it vulnerable to a different file type that can be used to transport the malware code.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTP headers also control browser feature settings, cookie storage, and much more. There are also plugins for CMS software like <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/joomla\/joomla-4\/joomla-http-headers\/\">Joomla<\/a> and <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/plugins\/http-headers-security\/\">WordPress<\/a> that can provide HTTP header security.<\/li>\n<\/ul>\n\n\n\n<p><strong>Subresource Integrity (SRI)<\/strong> is a security feature that lets browsers authenticate that the server they\u2019re getting data\/media from is being sent without being manipulated by an unexpected source. SRI works by using encrypted hashes that must be matched by the resource from where you are receiving your media.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"php-versioning\">20. PHP Versioning<\/h2>\n\n\n\n<p id=\"php-versioning\">PHP is often the backbone of website software and applications used on VPS servers.\u00a0New versions of the software are often released that provide improved performance and security for the applications that use it. Regularly keeping your PHP versions up-to-date should be a required step in your efforts to harden VPS security.<br><br>PHP versions may often require installation through the backend of the server.\u00a0For example, in CENTOS, new versions of PHP are normally installed through <a href=\"https:\/\/docs.cpanel.net\/ea4\/basics\/easyapache-4-faq\/\">EasyApache<\/a>.\u00a0<\/p>\n\n\n\n<p>Depending on your host, some versions may not be immediately available.\u00a0However, it is important to inquire with your technical support team in order to understand when new versions become available so that you can install them on your server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"disk-partitioning\">21. Disk Partitioning<\/h2>\n\n\n\n<p>Disk partitioning is used on servers and computers to define spaces on a hard drive that can be assigned a logical space. For example, you can dive a drive into two separate spaces \u2013 c: and d:.  <\/p>\n\n\n\n<p>These partitions can then be used to separate the operating system and applications on the root hard drive. Keeping the executable applications separate from your data works to harden VPS security because the written or created data can be protected from malware affecting the application.<\/p>\n\n\n\n<p>This allows you to restore or reload software applications or operating systems without actually affecting your data that can be saved in a different partition. It also helps to keep your backups to a manageable size, since your backups can be limited to only the data that needs to be saved.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"specific-security\">22. Specific Security for your Operating System<\/h2>\n\n\n\n<p>You may have software that has built-in security options depending on the software loaded to your server.\u00a0This could be the operating system for the server or CMS\u00a0software used to build your website. There are many built-in or add-on options that work to harden your VPS security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">cPanel Security Options<\/h3>\n\n\n\n<p>cPanel is server software that also provides the WHM software that gives your a graphic interface to manage the server.\u00a0cPanel includes many security options including a Security Advisor in WHM that offers recommendations for your password policy, databases, SSH, email, and more.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"552\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/mod-security-whm-1024x552.jpg\" alt=\"modsecurity interface in WHM\" class=\"wp-image-100900\" style=\"width:840px;height:452px\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/mod-security-whm-1024x552.jpg 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/mod-security-whm-300x162.jpg 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/mod-security-whm-768x414.jpg 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2022\/10\/mod-security-whm.jpg 1043w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p><br>ModSecurity is an open-source web application firewall.\u00a0 It allows you to set up rules that can setup real-time monitoring and logging. It can also be used to filter HTTP traffic.\u00a0The ModSecurity engine is deployed inside a web server so that it can monitor incoming and outgoing HTTP traffic. To learn more about using ModSecurity, check out the <a href=\"https:\/\/docs.cpanel.net\/ea4\/apache\/apache-module-modsecurity\/#configuration-details\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Module: ModSecurity<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CMS Security Options<\/h3>\n\n\n\n<p>CMS security options will vary from CMS to CMS.\u00a0 Active and popular ones like\u00a0<\/p>\n\n\n\n<p>WordPress has a variety of options that you can implement.\u00a0 Typically, these security\u00a0<\/p>\n\n\n\n<p>options will be plugins.\u00a0 But there are also services that can be hired that will help\u00a0<\/p>\n\n\n\n<p>monitor your website to keep it safe and secure.<\/p>\n\n\n\n<p>Some examples of security plugins for WordPress include:\u00a0\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/ithemes.com\/security\/\"><strong>iThemes Security<\/strong><\/a> \u2013 stops automated attacks, monitors suspicious activity, scans for vulnerable plugins and themes, blocks bad bots, reduces spam, strengthens user credentials<\/li>\n\n\n\n<li><a href=\"https:\/\/www.wordfence.com\/\"><strong>WordFence Security<\/strong><\/a> \u2013 provides login security, centralized management, two-factor authentication, malware scan, firewall, and a 24\/7 Incident Response Team<\/li>\n\n\n\n<li><a href=\"https:\/\/www.ait-pro.com\/\"><strong>Bullet Proof Security<\/strong><\/a> \u2013 plugin provides malware scanner, login monitoring and security, security logging, error logging, hidden plugin folders, backups<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/sucuri.net\/\"><strong>Sucuri Security<\/strong><\/a> \u2013 both a security plugin and also a paid service; provides malware and hack removals, firewall, security scans, blocklist monitoring and removal, SSL support and monitoring, and CDN services<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"training\">23. Training and Research VPS Security\u00a0<\/h2>\n\n\n\n<p>Working in security and researching security for your VPS server will be a never-ending task.\u00a0However, securing your server from attacks is rewarding because it protects your business and the privacy and data of your clients.<br><br>Training for security can lead to certifications and degrees and will require some imagination as the attacks on your server can come from various directions.\u00a0<\/p>\n\n\n\n<p>Annual conferences like <a href=\"https:\/\/www.blackhat.com\/eu-22\/\" target=\"_blank\" rel=\"noreferrer noopener\">Black Hat<\/a>, <a href=\"https:\/\/open-security-summit.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Open Security Summit<\/a>, and <a href=\"https:\/\/events.linuxfoundation.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux Foundation events<\/a> show that security is continually evolving in order to meet the threats and changes to the industry and the world around us.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-hosting\">24. Find a Secure VPS Hosting Service<\/h2>\n\n\n\n<p>When you\u2019re looking for a host for a VPS server, make sure to check out their reputation by reading reviews about their service and security.\u00a0 <\/p>\n\n\n\n<p>If you don\u2019t have much information, make sure to ask them questions about their policies and experiences when working to harden VPS security and technical support.\u00a0 <\/p>\n\n\n\n<p>The information you should be seeking when looking for a good <a href=\"\/vps-hosting\">secure VPS hosting<\/a> provider includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Server location<\/li>\n\n\n\n<li>Power outage mitigation measures at the data center<\/li>\n\n\n\n<li>Physical security at the data center<\/li>\n\n\n\n<li>Onsite support for physical server maintenance<\/li>\n\n\n\n<li>Network monitoring<\/li>\n\n\n\n<li>Backups for your data and applications<\/li>\n\n\n\n<li>DDoS Prevention <\/li>\n\n\n\n<li>Backup network plans in the event of a service outage<\/li>\n<\/ul>\n\n\n<div class=\"jumbotron\"><p style=\"margin-top:0;\"><img decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/custom\/security.svg\" align=\"right\" alt=\"Secure VPS Hosting\" height=\"80\">Enjoy high-performance, lightning-fast servers with increased security and maximum up-time with our <a href=\"https:\/\/www.inmotionhosting.com\/vps-hosting\">Secure VPS Hosting<\/a>!<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Linux VPS    <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>cPanel or Control Web Panel    <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Scalable    <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Website Migration Assistance<\/p>\r\n<p style=\"margin:10px 0;\"><a class=\"btn btn-primary btn-lg\" href=\"https:\/\/www.inmotionhosting.com\/vps-hosting\/linux-vps\">Linux VPS Hosting<\/a><\/p><\/div>\n\n\n\n<p><strong>Managed Hosting vs Unmanaged Hosting<\/strong><\/p>\n\n\n\n<p>Managed hosting is more secure as it normally involves a team of people actively monitoring the server.  They will also help to keep the server software up-to-date.<\/p>\n\n\n\n<p>An \u201cunmanaged\u201d server will often be one where it will be up to your to load security software and maintain monitoring. Unmanaged servers may offer more freedom but, they will also be harder to keep secure.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<p>Learning how to secure VPS security is a daunting and never-ending task.\u00a0However, the price of security for your customers or visitors cannot be understated.\u00a0This list of 24 recommendations will help guide you toward the goal of securing your VPS, but it is important to keep in mind that you are not the only person involved in the task.\u00a0Your users, administrators, and even the tech support team from your hosting server all play an important role in keeping your data and applications safe and secure.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are many reasons to harden your VPS.&nbsp;The best practices for VPS security involve learning the settings, steps, and options that are needed to keep your server secure.&nbsp;You will also find yourself continually researching and updating your knowledge and software tools to keep your security up-to-date.&nbsp; Server security depends on everyone who interacts with the<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4324],"tags":[],"class_list":["post-48325","post","type-post","status-publish","format-standard","hentry","category-vps-hosting"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure VPS: 24 Ways to Harden VPS | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure VPS: 24 Ways to Harden VPS | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-09T12:50:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-31T19:03:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2019\/10\/24-ways-to-VPS-Security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2019\/10\/24-ways-to-VPS-Security.png\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"27 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\"},\"headline\":\"Securing Your VPS: 24 Ways to Harden Server\",\"datePublished\":\"2019-10-09T12:50:26+00:00\",\"dateModified\":\"2024-10-31T19:03:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\"},\"wordCount\":5443,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png\",\"articleSection\":[\"VPS Hosting\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\",\"name\":\"Secure VPS: 24 Ways to Harden VPS | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png\",\"datePublished\":\"2019-10-09T12:50:26+00:00\",\"dateModified\":\"2024-10-31T19:03:37+00:00\",\"description\":\"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1.png\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Your VPS: 24 Ways to Harden Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure VPS: 24 Ways to Harden VPS | InMotion Hosting","description":"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/","og_locale":"en_US","og_type":"article","og_title":"Secure VPS: 24 Ways to Harden VPS | InMotion Hosting","og_description":"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.","og_url":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2019-10-09T12:50:26+00:00","article_modified_time":"2024-10-31T19:03:37+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2019\/10\/24-ways-to-VPS-Security.png","type":"image\/png"}],"author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2019\/10\/24-ways-to-VPS-Security.png","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"27 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"Securing Your VPS: 24 Ways to Harden Server","datePublished":"2019-10-09T12:50:26+00:00","dateModified":"2024-10-31T19:03:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/"},"wordCount":5443,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png","articleSection":["VPS Hosting"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/","url":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/","name":"Secure VPS: 24 Ways to Harden VPS | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1-1024x538.png","datePublished":"2019-10-09T12:50:26+00:00","dateModified":"2024-10-31T19:03:37+00:00","description":"Enhance your VPS security with these 24 proven strategies. From firewalls to SSH configurations, learn how to safeguard your VPS server effectively.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1.png","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/11\/24-Ways-to-Secure-Your-VPS-1.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/ways-to-harden-your-vps-hosting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"Securing Your VPS: 24 Ways to Harden Server"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":4324,"name":"VPS Hosting","slug":"vps-hosting","link":"https:\/\/www.inmotionhosting.com\/support\/product-guides\/vps-hosting\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/48325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=48325"}],"version-history":[{"count":70,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/48325\/revisions"}],"predecessor-version":[{"id":129784,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/48325\/revisions\/129784"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=48325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=48325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=48325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}