- Plesk for Linux
How to protect a server from hacking?
Here are general recommendations what to do if a server has been compromised:
- Change ALL passwords.
- Allow SSH access via keyfile.
- Make sure to activate all security functions to prevent new hacks, including SELinux.
- Use Web Application Firewall .
- Switch off Perl and Python unless really used and never use mod_perl as well as mod_php .
- Disable unused services and modules.
- Always use WordPress Toolkit Security Check to implement security best practices.
- Install Datagrid VCTR to scan for vulnerabilities.
- Install VirusTotal Website Check to scan websites using multiple anti-virus engines
- Install Fail2Ban to block hack attempts.
- Periodically scan the server for viruses. Applications list can be obtained here .
- Monitor activity on your server actively.
- Switch PHP handlers for domains to a higher supported versions.
- Do not use PHP handler served as Apache module since it is not secure.
- Make sure that WordPress installations are up-to-date and security settings are enabled.
- Make sure that all installed application are up-to-date.
- Filter all unused ports using firewall. Ports that are used by Plesk can be found here .