Intro:
Hosting a website on Linux isn’t just about setting up Apache or Nginx — it’s about making sure your server doesn’t get turned into someone else’s playground. Over the years, I developed a personal checklist: five hardening techniques I apply every single time before a site goes live.
If you skip these, you’re inviting trouble.
- Move SSH to a Non-Standard Port and Harden Config
Attackers scan port 22 constantly. One of the first things I do:
✅ Steps:
sudo nano /etc/ssh/sshd_config
Change Port to something like 2210 and set:
PermitRootLogin no
PasswordAuthentication no
AllowUsers youradminuser
✅ Restart SSH:
sudo systemctl restart sshd
🔒 Bonus Tip:
Whitelist your IP range in firewall rules if possible.
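Before restarting SSH, it helps to confirm the file really says what the steps above intend. The script below is an added example, not from the original post: it audits the global section of an sshd_config-style file against the four settings above, including the case where an appended PasswordAuthentication no is ignored because sshd uses the first value it obtains for a keyword. The function names and the sample file are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.

# First value set for KEYWORD in the global section. sshd keeps the first
# value it obtains, so a later duplicate line does not override an earlier one.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Every port sshd listens on; Port may repeat, and no Port line means 22.
listen_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

audit_sshd_config() {
    rc=0
    if listen_ports "$1" | grep -qx 22; then
        echo "FAIL: sshd listens on port 22"; rc=1
    fi
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw" | tr 'A-Z' 'a-z')
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw is '${val:-unset}', expected 'no'"; rc=1
        fi
    done
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FAIL: AllowUsers is not set"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 matches the checklist"; fi
    return "$rc"
}

# Constructed sample: the hardened lines were appended below a stock
# "PasswordAuthentication yes", which therefore still wins.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'Port 2210' 'PermitRootLogin no' \
    'AllowUsers youradminuser' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live host, sudo sshd -t checks the syntax and sudo sshd -T prints the effective configuration, including any Include files, so run both before the restart and keep your current session open until a new login works.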
- Enable Web Server Hardening Modules
For Apache:
Enable security headers
Install mod_evasive and mod_security
sudo a2enmod headers
sudo apt install libapache2-mod-security2 libapache2-mod-evasive
Configure /etc/apache2/conf-available/security.conf:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header always set X-Frame-Options "DENY"
Header always set X-XSS-Protection "1; mode=block"
For Nginx:
Edit /etc/nginx/nginx.conf:
server_tokens off;
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self';";
- Install and Configure Fail2Ban
Defends against brute-force login attempts.
✅ Ubuntu:
sudo apt install fail2ban
✅ Red Hat:
sudo yum install epel-release
sudo yum install fail2ban
✅ Configure /etc/fail2ban/jail.local to monitor:
SSH
Web server errors
Admin login pages (for CMS-based sites)
- Disable Unused Services and Open Ports
Every open service is another attack surface.
✅ List all open ports:
sudo ss -tuln
✅ Disable unnecessary services:
sudo systemctl disable <service-name>
sudo systemctl stop <service-name>
✅ Use ufw or firewalld to allow only essential traffic:
SSH (your new port)
HTTP (80)
HTTPS (443)
- Set Strict File and Directory Permissions for Web Root
✅ Web root (like /var/www/html) should not be owned by root.
Ubuntu:
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
Red Hat:
sudo chown -R apache:apache /var/www/html
sudo chmod -R 755 /var/www/html
✅ Critical config files (like .env, wp-config.php) should be 640 or stricter:
sudo chmod 640 /var/www/html/.env
Conclusion:
Building a website is exciting. Losing it to an attacker? Not so much.
If you apply these 5 hardening techniques right after server setup — before a single user visits your site — you’ll be miles ahead in protecting your project, your data, and your reputation.
Because in Linux security, the small steps you take now prevent the big disasters later.