Best Practices - Security
You will find best practices on this site to keep CloudPanel, the server, and your sites safe.
CloudPanel is being shipped with an integrated Firewall based on UFW, also known as Uncomplicated Firewall.
Open port 22 (SSH) and 8443 (CloudPanel) only for your IPs. If you don't have a static IP, consider a VPN solution like OpenVPN.
Most cloud providers offer firewall/security groups to manage the inbound and outbound traffic. The recommended way is to use them instead of the integrated Firewall. For performance and security reasons, it's recommended to block all traffic before reaching the server.
A Basic Auth in front of CloudPanel adds an extra layer of security, especially if you can't close/whitelist port 8443 (CloudPanel).
Enable Two-Factor Authentication for your users, providing a second layer of security in case a user is using a weak password or the password is stolen.
Software may have security vulnerabilities, therefore is important to Update CloudPanel constantly.
Data security is very important. A good backup strategy is essential for every site. Hardware can break anytime, the file system can become corrupted, or someone deletes files accidentally. With a good backup strategy, we can limit the data loss to a minimum in case of an accident. The most critical part is the database which constantly gets updated.
With more than 11 years of Managed Magento Hosting experience, we found out that hourly Amazon Machine Images (AMI) are a great backup solution for our customers. AWS basically creates one full backup and performs incremental backups every hour.
With CloudPanel, you can enable automatic backups; see the available Cloud Features.
With the integrated Remote Backups, you can store copies of your sites to services like Amazon S3, Wasabi, Digital Ocean Spaces, Dropbox, SFTP, and other storage providers.
#Test your Backups
If you need to restore some files or databases, you don't want to discover that your backups are not working. A good approach to test your backups and an up-to-date test/staging environment. To achieve that, you can develop a script that updates your environments, e.g., once daily via cron job.
#Upgrade Software and Operating System
Staying up to date on all software and operating system-related security fixes is essential. Server systems and software technologies are so complicated that some of the security vulnerabilities they carry can easily go unnoticed.
To ensure maximum server protection, you should complete the process of server security hardening. Simply put, that means applying basic and advanced security measures to address vulnerabilities in your server software and operating system to boost overall server security.
Common ways to achieve server hardening include:
- Using strong passwords
- Completing regular system backups
- Keeping operating systems up to date and applying security patches as they are released
- Installing firewalls and antivirus software
- Removing unnecessary third-party software
- Communication and data encryption
#Web Application Firewall
Protecting your site against common web attacks like DDoS Attacks, SQL Injections, or Cross-Site Scripting is crucial.
We can recommend the following services: