As usual, there’s no time to read those long posts on www
There’ll be plenty of time after your server’s been hacked and you have no clients… so make it a priority to find the time.
See https://codex.ww.wp.xz.cn/Hardening_WordPress
In short
- Good passwords
- Keep the OS up to date
- Use something like php-fpm to run each site under a different user
- Use a different database user/password for each site
- Use a tool like OSSEC to monitor your server logs
- Allow SSH only via key-pair, not with passwords
… as well as all the normal per-site security you’d use for WP hosted anywhere.
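An added example, not part of the original reply: a small Python check for two items on the list above, one php-fpm user per site and no password logins over SSH. The config text is constructed sample data and the function names are hypothetical; `Include` files and `Match` blocks in sshd_config are not handled.

```python
import re

# Constructed sample configs for illustration (not taken from the thread).
SSHD_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication yes
"""
FPM_POOLS = """\
[site-a]
user = site_a
[site-b]
user = www-data
[site-c]
user = www-data
"""

def password_login_allowed(sshd_text):
    """True if the global part of sshd_config leaves password logins enabled."""
    for raw in sshd_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # per-user/host overrides are out of scope here
        if key == "passwordauthentication" and len(parts) == 2:
            return parts[1].strip().strip('"').lower() != "no"  # first value wins
    return True  # OpenSSH defaults to "yes" when the keyword is absent

def shared_pool_users(fpm_text):
    """Map each user that runs more than one php-fpm pool to those pools."""
    pools, current = {}, None
    for raw in fpm_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
        elif current and current != "global":
            m = re.fullmatch(r"user\s*=\s*(\S+)", line)
            if m:
                pools.setdefault(m.group(1), []).append(current)
    return {u: p for u, p in pools.items() if len(p) > 1}

if __name__ == "__main__":
    print("password logins allowed:", password_login_allowed(SSHD_CONFIG))
    print("users shared between sites:", shared_pool_users(FPM_POOLS))
```

A pool user that shows up under more than one site means a compromise of one site can read or modify the files of the other.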
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
Yes, achieving security isn’t a quick win through a list of plugins. Security is a strategy that you adopt in everything you. Reading material is a good way of learning how to achieve that.
It’s funny how some people think there’s a quick fix for everything, even so for web security!
I’ve been reading/learning on the matter for months/years and I’ll be reading/learning and applying stuff forever because that’s the truth of the matter, as long as the internet’s here, security will be as well… Once you’re involved in security, there’s no end, it’s a 24/7 job on its own. There will be updates, there will be security issues, there will be patches and the list goes on.
The golden rule here is if you don’t/can’t take the time and effort, have a knowledgeable person take care of this for you.
my 2 cents
Thread Starter
Romkon
(@romkon)
@orangeworx People used to do calculations on calculators or even a wooden abacus. Then other people invented the computer and manual calculation turned into a thing of the past.
I believe that today’s higher automation level is the thing that’s gonna kill that 24/7 job. Just install some software and check the system from time to time.
@sterndata Thank you Steve. It looks like that’s what I really need (HIDS). Gonna dig into it deeper.
I wonder why nobody mentions software like Malware Protection products from well-known companies. You know, they make Antiviruses/Firewalls for desktops. I found out that they make them for Linux-based OSes too. Is it worth it?