Hardening refers to the practice of improving the security of your system.

We developed this checklist and these guidelines to help you ensure your application is set up to withstand a wide range of attacks.


Lock down your web server with a firewall and leave only the ports absolutely required for operation open to the public (ideally only ports 80 and 443). If you use multiple servers, make sure that only the web servers are publicly reachable; any other server in the cluster should communicate over a private network.

You can use a tool like nmap to scan for open ports on your system from the outside.
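As a host-side complement to an external nmap scan, the following POSIX shell script is an added example (not part of this checklist) that parses `ss -Hltn` output on Linux and reports listening sockets bound to a non-loopback address whose port is not on the allowlist; the allowlist and the `ss` sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against an allowlist of ports
# that are expected to be reachable from the public network.

# Assumed allowlist: the public web ports (80, 443) plus SSH, which the
# checklist says should additionally be restricted by source IP.
ALLOWED_PORTS="22 80 443"

# Constructed sample in `ss -Hltn` format
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS_OUTPUT='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# is_allowed PORT -> exit status 0 if PORT is in ALLOWED_PORTS
is_allowed() {
  for p in $ALLOWED_PORTS; do
    [ "$p" = "$1" ] && return 0
  done
  return 1
}

# unexpected_public_ports SS_OUTPUT
# Prints one ADDR:PORT line per listening socket that is bound to a
# non-loopback address and whose port is not allowlisted. Services bound
# only to 127.0.0.1 or [::1] are not exposed and are skipped.
unexpected_public_ports() {
  printf '%s\n' "$1" | while read -r state rq sq local peer rest; do
    [ "$state" = "LISTEN" ] || continue
    port=${local##*:}   # text after the last colon is the port
    addr=${local%:*}    # everything before it is the bind address
    case "$addr" in
      127.*|'[::1]') continue ;;
    esac
    is_allowed "$port" || printf '%s\n' "$local"
  done
}

# Run against the constructed sample; on a real host use "$(ss -Hltn)".
unexpected_public_ports "$SAMPLE_SS_OUTPUT"
```

In the sample, the MySQL socket on 127.0.0.1 is ignored while the Redis port on 0.0.0.0 is reported, which is exactly the kind of accidental exposure a firewall rule or a loopback bind should close.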

Securing remote access to your web server is essential; a compromised administrative channel undoes every other hardening step.

  • Do not allow access to the server via insecure, unencrypted methods like FTP
  • Restrict SSH to key-based authentication
  • Protect your SSH private key with a strong passphrase
  • Restrict connections to the SSH port by source IP address

Attackers often use directory listings (indexing) to get the lay of the land. Disabling directory listings is generally good practice.

Directory listing/indexing documentation for Apache & Nginx

It goes without saying, but you should have recent backups of your data. You should also test restoring your system from those backups to ensure your backup strategy actually works.

Install a real-time intrusion detection system. If an attacker manages to breach your system despite all your hardening efforts, you want to know right away so you can limit the damage, inform your customers and implement countermeasures.

We recommend Iogly for that.


You should regularly validate your setup. We recommend bookmarking this checklist and going through it at least once every month. Changes in your deployment, staffing and role changes, as well as updates to your infrastructure, can all weaken the security of your system. This is why we recommend regular re-validation.