--:--:-- IST --:--

Client Area Login

Security · · 8 min read

The 12-Point Hardening Checklist We Apply to Every Managed Server

SSH keys, fail2ban, kernel updates, Imunify360 and firewall rules — the exact baseline our engineers apply before a managed server goes live.

Security incidents rarely start with sophisticated exploits — they start with weak SSH passwords and unpatched packages. This is the baseline we apply to every managed environment.

Access control

  1. Disable password SSH — keys only (PasswordAuthentication no).
  2. Move SSH off port 22 to cut automated scanner noise.
  3. Create a sudo user; lock root login (PermitRootLogin no).
  4. Enable fail2ban with aggressive jails for sshd and your control panel.

Patching & kernel

  1. Automatic security updates (unattended-upgrades / dnf-automatic).
  2. KernelCare or scheduled reboots so the kernel never lags a CVE.

Network

  1. Default-deny firewall — open only 80/443 and your moved SSH port.
  2. Rate-limit at the edge — our network-level firewall filtering is free on all VPS plans.

Application layer

  1. Imunify360 for AI-driven malware detection on hosting servers.
  2. ModSecurity ruleset tuned to your CMS.

Recovery

  1. Snapshots before every major change — included on all Root Servers and VPS plans.
  2. Off-server backups on a schedule you’ve actually tested.

Want this applied to your infrastructure? Our engineers do security audits and hardening as a managed service.

Written by Shine Servers Engineering

Put this knowledge on solid infrastructure.

Provision infrastructure in minutes or book a strategy call with our engineers. Humans, not bots — 24/7.