If you log in to your server from only one or two computers, you can use SSH key-based authentication.
However, if you have multiple users who often log in from multiple public computers, exchanging keys every time can be troublesome.
So, depending on your situation, if you opt to disable password-based authentication, you can do it as follows.
Note: this assumes you have already set up SSH key exchange.
Modify /etc/ssh/sshd_config using the vi editor
Add the following line, or uncomment it if it exists
Reload the SSH Daemon
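The three steps above as one script, added here as an example and not taken from the original article. It assumes the setting in question is PasswordAuthentication no; the function names, the --apply switch and the .bak backup name are made up for this sketch.

```bash
#!/bin/sh
# Added example (not from the original article). Function names are made up here.

# Put "PasswordAuthentication no" on line 1 of the sshd_config-style file in $1.
# sshd keeps the first value it obtains for a keyword, so line 1 beats later
# global lines and any file pulled in by a later Include. Lines inside Match
# blocks would still override it, so every other active setting is commented out.
disable_password_auth() {
    _cfg="$1"
    [ -f "$_cfg" ] || { echo "no such file: $_cfg" >&2; return 1; }
    [ -e "$_cfg.bak" ] || cp -p "$_cfg" "$_cfg.bak" || return 1   # rollback copy
    _tmp="$(mktemp)" || return 1
    {
        echo "PasswordAuthentication no"
        awk '
            # drop our own line from an earlier run, so re-running changes nothing
            NR == 1 && $0 == "PasswordAuthentication no" { next }
            # comment out any other active setting, whatever its letter case
            tolower($0) ~ /^[ \t]*passwordauthentication[ \t=]/ { print "#" $0; next }
            { print }
        ' "$_cfg"
    } > "$_tmp" && cat "$_tmp" > "$_cfg"        # cat keeps the file owner and mode
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# Print the first active value found in one file. It does not follow Include
# lines; on a live host, sshd -T reports the value sshd will really use.
first_password_auth_value() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1"
}

# Touch the live configuration only when run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    disable_password_auth /etc/ssh/sshd_config &&
    sshd -t &&                                   # do not reload a broken config
    { systemctl reload sshd || systemctl reload ssh; } &&  # unit is "ssh" on Ubuntu
    sshd -T | grep -i '^passwordauthentication'  # effective value after the change
fi
```

Keep the current SSH session open and confirm a key-based login from a second terminal before closing it; the untouched original stays in /etc/ssh/sshd_config.bak if you need to roll back.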
Protecting from DDoS Attacks
DDoS (Distributed Denial of Service) can happen at any layer, and this is the last thing you want as a business owner.
Finding the origin IP is possible, and as a best practice, you shouldn’t expose your server IP to the public Internet. There are multiple ways to hide the “Origin IP” to prevent DDoS attacks on your cloud/VPS server.
Use a load balancer (LB) – implement an Internet-facing load balancer, so the server IP is not exposed to the Internet. There are many load balancers you can choose from – Google Cloud LB, AWS ELB, Linode Nodebalancer, DO LB, etc.
Use a CDN (Content Delivery Network) – CDN is one of the great ways to improve website performance and security.
When you implement a CDN, you configure the DNS A record with the anycast IP address provided by the CDN provider. By doing this, you advertise the CDN provider's IP for your domain, and the origin is not exposed.
There are many CDN providers that offer website acceleration, DDoS protection, WAF and many other features.
So pick a CDN provider that provides both performance and security.
Tweak the kernel settings & iptables – you can leverage iptables to block suspicious requests, non-SYN packets, bogus TCP flags, private subnets and more.
Along with iptables, you may also configure the kernel settings. Javapipe has explained it well with instructions, so I won’t duplicate it here.
Use a firewall – If you can afford a hardware-based firewall, excellent; otherwise, you may want to use a software-based firewall that leverages iptables to protect incoming network connections to the VM.
There are many, but one of the most popular ones is UFW (Uncomplicated Firewall) for Ubuntu and FirewallD for CentOS.
Backup is your friend! When nothing works then the backup will rescue you.
Things can go wrong, but what if you don’t have the necessary backup to restore? Most cloud or VPS providers offer backup at a little extra charge, and one should always consider it.
Check with your VPS provider how to enable backup service. I know Linode and DO charge 20% of droplet pricing for the backup.
If you are on Google Compute Engine or AWS, then schedule a daily snapshot.
Having a backup will quickly allow you to restore the entire VM, so you are back in business. Or with the help of a snapshot, you can clone the VM.
Keeping your VM OS up-to-date is one of the essential tasks to ensure your server is not exposed to any latest security vulnerabilities.
In Ubuntu, you can use apt-get update to ensure the latest packages are installed.
In CentOS, you can use yum update
Don’t leave opened ports
In other words, allow only the needed ports.
Keeping unwanted ports open is like inviting an attacker to take advantage. If you are just hosting your website on your VM, then most likely you need either port 80 (HTTP) or 443 (HTTPS).
If you are on AWS, then you can create the security group to allow only the required ports and associate them with the VM.
If you are on Google Cloud, then allow the necessary ports using “firewall rules.”
And if you are using a VPS, then apply a basic iptables ruleset as explained in the Linode guide.
The above should help you harden and secure your server for better protection from online threats.
Alternatively, if you are not ready to manage your VM, then you may prefer Cloudways, which manages multiple cloud platforms. And if you are specifically looking for premium WordPress hosting then this one.