Server Hygiene

In this module you will secure your server's foundation by locking down root access and configuring sudo. You'll also add two-factor authentication for SSH logins and set up Fail2Ban to block brute-force attempts.

Next, you'll configure a firewall so that only the services you explicitly allow are exposed. You'll also enable logrotate to keep log files from filling up your disk, and turn on unattended upgrades to ensure security updates are applied automatically, even while you're away.

The tools you configure here will continue to play a role in future modules: blocking WordPress login and XML-RPC attacks with Fail2Ban, sending email alerts when upgrades fail, and keeping your WordPress, PHP and Nginx logs manageable for audit and troubleshooting.
