ServerPilot is designed to keep your servers secure and your data safe. Our team has a strong security background. Security research published by our team members includes identifying vulnerabilities in Linux package managers, designing secure software update systems, and securing browsers against CSRF exploits.
Before you can use SSH public key authentication, you need to generate an SSH key pair. A key pair is a set of related keys, one public key and one private key.
To SSH/SFTP into your server using public key authentication, you must first add your public key to a system user's list of authorized keys.
SSH public key authentication is a method of logging into an SSH/SFTP account using a cryptographic key rather than a password.
Once you have enabled SSL on your site, ServerPilot makes it easy to redirect all plain HTTP requests to HTTPS.
Maintaining the security of your apps and servers is key to the success of your business and that of your clients.
ServerPilot enables an iptables firewall on your server. The firewall allows only the following incoming ports: TCP port 22 (SSH) TCP port 80 (HTTP) TCP port 443 (HTTPS) If you need to change any of these settings, be sure to read our article on customizing the firewall.
By default, TLS 1.0 and TLS 1.1 are disabled on your server as they are outdated protocols that are no longer considered secure.
ServerPilot no longer supports TLS 1.0 or TLS 1.1. This article is obsolete. You do not need to take any action to disable TLS 1.
Some server providers, such as Amazon EC2 and Google Compute Engine, disable SSH password authentication by default. That is, you can only log in over SSH using public key authentication.
Creating a CAA record is not required. If you are having problems obtaining an SSL certificate due to your domain having an incorrect CAA record, you should delete your domain's incorrect CAA record.
After the initial installation, ServerPilot does not depend upon SSH or your root password in any way, so you may change the SSH port, disable password authentication, etc.
Password strength is one of the most important factors in determining the ability of your server and your apps to ward off brute force attacks.
Wordfence Security is a free plugin for WordPress that includes a web application firewall (WAF), virus scanning, and real-time traffic monitoring with geolocation.
ServerPilot automates daily updates of your Ubuntu server's installed .deb packages. This includes packages ServerPilot installs as well as any additional packages you install from Ubuntu's repositories.
If you need your server's firewall rules to be different than the firewall rules configured by ServerPilot, you can customize your server's firewall.
Introduction The Payment Card Industry (PCI) Data Security Standard is an information security standard for the handling of credit card information.
If you wish to only allow specific addresses to access an app, you can add the following to your app's .
A brute force attack on WordPress occurs when an attacker attempts to log in to WordPress by trying a large number of common passwords.
If you suspect you are under attack from a specific IP address, you can block it from accessing your server by using a service like CloudFlare or by using security plugins if you're running WordPress.
If you use CloudFlare for your site, you can change your settings to block visitors by IP range. First, log in to your CloudFlare account and select Firewall from the menu.
Vulnerable plugins and themes are the leading causes of WordPress compromises. To ensure the security of your app's code, you should use a web-application firewall, such as CloudFlare or Wordfence.
Protect is a key part of WordPress's Jetpack plugin that helps block brute force attacks against your site. Protect provides brute force attack prevention by tracking failed login attempts across all Jetpack installations and blocking any IP that has too many failed login attempts.
As long as you use strong passwords, it is not necessary to disable SSH password authentication for your server; however, you can disable it if you would like.
By default, web browsers do not allow websites to make cross-origin requests in certain security-sensitive situations. To tell browsers to allow cross-origin requests to a site that belongs to you, you can use cross-origin resource sharing (CORS).
HTTP Strict Transport Security (HSTS) is a security mechanism in which a website tells the browser that all future requests should be made over HTTPS.
If you want to limit access to one of your apps, you can place password protection on it using a .
You can give limited access to a single file on your server by using a .htaccess file, similar to protecting a directory.
If you have customized your firewall, you can easily reset it back to ServerPilot's default settings. First, open your server in ServerPilot and navigate to the Settings tab.
Just like the unwanted messages in your email inbox, comment spam consists of unsolicited advertisements or links to other sites that can appear in the comments on your site's forums, blogs, wikis, and guestbooks.
For additional security from online threats to your site, CloudFlare is a popular—and free—content delivery network (CDN) that accelerates your site while protecting it from DDOS (distributed denial of service) attacks.
The CloudFlare plugin works in tandem with Akismet to filter spam comments on your WordPress site. Every time you flag a comment as spam, CloudFlare is notified and updates its records to increase the protection of your site.
NinjaFirewall is a stand-alone web application firewall that stands between your WordPress site and everyone else. It easy to use and is installed just like a plugin.
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols used for securing the communication between web browsers and servers.