A new server is a blank slate — and an open target. Before you deploy anything important, a few hardening steps dramatically reduce your risk. Here’s a practical checklist that takes under an hour.
1. Lock down SSH
- Disable password login; use SSH keys only.
- Disable direct root login over SSH.
- Consider changing the default port to cut down on automated noise.
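The first two items can be checked rather than assumed. The script below is an added example, not part of the original checklist: it audits the global section of an `sshd_config` using sshd's first-value-wins rule. The function names `sshd_effective` and `audit_sshd` and the sample file are constructed for illustration, and the fallback values assume upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for step 1.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
# Assumptions: "Keyword value" syntax, no Include files followed, and upstream
# OpenSSH defaults when a keyword is absent (distributions may differ).

sshd_effective() {  # usage: sshd_effective <keyword> <default> <file>
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # Match blocks are conditional; stop
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

audit_sshd() {  # prints PASS/FAIL per check; return status = number of failures
    fails=0
    for check in "PasswordAuthentication yes" "PermitRootLogin prohibit-password"; do
        key=${check% *}; def=${check#* }
        val=$(sshd_effective "$key" "$def" "$1")
        if [ "$val" = "no" ]; then
            echo "PASS $key=$val"
        else
            echo "FAIL $key=$val (want no)"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: a later "no" does not override the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
Port 2222
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
Match User deploy
    PermitRootLogin yes
EOF
audit_sshd "$sample" || echo "failed checks: $?"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with Include files and defaults resolved, which is the authoritative view to compare against.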
2. Keep software updated
Enable automatic security updates. The majority of breaches exploit known vulnerabilities that already had patches available.
3. Run a firewall
Only expose the ports you actually need — typically 80 and 443 for web traffic, plus your SSH port. Everything else should be closed by default.
4. Use HTTPS everywhere
Free certificates from Let’s Encrypt make encryption effortless. Redirect all HTTP traffic to HTTPS and renew certificates automatically.
5. Back up — and test the restore
A backup you’ve never restored is just a hope. Automate backups and periodically verify you can actually recover from them.
Security isn’t a one-time task — it’s a habit. But these five steps cover the fundamentals that stop the vast majority of attacks.