Security incidents rarely start with sophisticated exploits — they start with weak SSH passwords and unpatched packages. This is the baseline we apply to every managed environment.
Access control
- Disable password SSH — keys only (
PasswordAuthentication no). - Move SSH off port 22 to cut automated scanner noise.
- Create a sudo user; lock root login (
PermitRootLogin no). - Enable fail2ban with aggressive jails for sshd and your control panel.
Patching & kernel
- Automatic security updates (
unattended-upgrades/dnf-automatic). - KernelCare or scheduled reboots so the kernel never lags a CVE.
Network
- Default-deny firewall — open only 80/443 and your moved SSH port.
- Rate-limit at the edge — our network-level firewall filtering is free on all VPS plans.
Application layer
- Imunify360 for AI-driven malware detection on hosting servers.
- ModSecurity ruleset tuned to your CMS.
Recovery
- Snapshots before every major change — included on all Root Servers and VPS plans.
- Off-server backups on a schedule you’ve actually tested.
Want this applied to your infrastructure? Our engineers do security audits and hardening as a managed service.