Blog

Best Practices for Hardening a Linux Server

When it comes to server security, prevention is always better than cure. Whether you’re hosting a personal blog, a client website, or a critical business application, protecting your Linux server from unauthorized access and potential exploits is essential. Hardening your server is the process of reducing its attack surface to minimize vulnerabilities — and it’s a must for any responsible administrator.

In this blog post, we’ll walk through practical, tested Linux server hardening best practices to help you lock down your environment and stay ahead of cyber threats.

Why Linux Server Security Matters

Linux is widely known for its stability and security, but no system is secure by default. Out-of-the-box Linux configurations often leave ports open, use weak settings, or allow unnecessary services. This can open the door to:

• Unauthorized access
• Privilege escalation
• Data breaches
• Ransomware or malware infections
• DDoS attacks

With Vicservers, you get secure-by-default hosting infrastructure, but as a server owner or administrator, hardening your Linux system is your responsibility.

1. Keep Your System Updated

Always start with the basics:

sudo apt update && sudo apt upgrade -y  # Ubuntu/Debian
sudo yum update -y                     # CentOS/RHEL

Enable automatic security updates:

sudo apt install unattended-upgrades

🔁 Regular patching prevents known exploits from being used against your server.

2. Disable the Root Login

Root login is a major target for brute-force attacks. Disable it and create a limited user with sudo privileges instead:

sudo adduser yourusername
sudo usermod -aG sudo yourusername

Edit SSH config:

sudo nano /etc/ssh/sshd_config

Find and change:

PermitRootLogin no

Then restart SSH:

sudo systemctl restart ssh

3. Use SSH Key Authentication

Password authentication is weaker than key-based login. Here’s how to set up SSH keys:

On your local machine:

ssh-keygen -t rsa -b 4096
ssh-copy-id yourusername@yourserver_ip

On the server, disable password logins:

sudo nano /etc/ssh/sshd_config

PasswordAuthentication no

Restart SSH.

4. Set Up a Firewall (UFW)

The Uncomplicated Firewall (UFW) is easy to use and powerful:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw enable

Add more services as needed:

sudo ufw allow http
sudo ufw allow https

✅ Only open ports you absolutely need.

5. Remove Unused Services and Packages

Every installed package is a potential risk. Identify and remove what you don’t use:

sudo netstat -tulpn  # Check listening ports
sudo systemctl list-units --type=service

Remove unnecessary services:

sudo apt purge apache2
sudo apt autoremove

6. Install and Configure Fail2Ban

Fail2Ban helps prevent brute-force attacks by blocking suspicious IPs:

sudo apt install fail2ban

Create a custom jail config:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then edit /etc/fail2ban/jail.local and configure:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5

Restart the service:

sudo systemctl restart fail2ban

7. Disable Unused Network Protocols

Turn off IPv6 if you don’t use it:

sudo nano /etc/sysctl.conf

Add:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Then apply:

sudo sysctl -p

 8. Configure AppArmor or SELinux

Both are mandatory access control systems that prevent unauthorized access to files and processes.

• AppArmor is easier and used in Ubuntu.
• SELinux is more complex but powerful (used in CentOS/RHEL).

Install AppArmor:

sudo apt install apparmor apparmor-profiles
sudo systemctl enable apparmor

9. Limit User Privileges

Never give full root access unless absolutely necessary. Use sudo and create roles using /etc/sudoers.

sudo visudo

Add rules like:

webadmin ALL=(ALL) /usr/bin/systemctl restart apache2

10. Automate Backups

Security also means recoverability. Automate your backups using:

rsync -av --delete /var/www/ user@backupserver:/backups/site/

Or use VicServers’ off-site backup services for peace of mind.

11. Monitor Logs and Access

Set up logwatch or logrotate to keep an eye on logs:

sudo apt install logwatch
sudo logwatch --detail High --mailto [email protected] --service sshd --range today

Check login attempts:

sudo cat /var/log/auth.log | grep "Failed password"

12. Use Strong Password Policies

Install libpam-pwquality for enforcing password strength:

sudo apt install libpam-pwquality

Edit /etc/pam.d/common-password:

password requisite pam_pwquality.so retry=3 minlen=12 ucredit=-1 lcredit=-1 dcredit=-1

13. Enable Port Knocking (Optional)

This adds an extra layer by hiding the SSH port. It only opens when a specific “knock” sequence is sent.

Install knockd:

sudo apt install knockd

Configure port sequences like:

[options]
    UseSyslog

[openSSH]
    sequence = 7000,8000,9000
    seq_timeout = 15
    command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

14. Use Monitoring Tools

Use htop, top, or glances to monitor server performance.

Install Glances:

sudo apt install glances

Also, tools like Netdata or Zabbix offer web dashboards for proactive monitoring.

✅ Quick Checklist for Hardening a Linux Server

Final Thoughts

Server hardening isn’t a one-time task. It’s an ongoing commitment to security, performance, and reliability. By following these best practices, you significantly reduce your risk exposure and ensure your systems are ready for real-world threats.

At VicServers, we prioritize security at every layer — from hardened infrastructure to 24/7 monitoring and support. Whether you’re managing a VPS, Dedicated Server, or Shared Hosting plan, our platform gives you the tools and guidance to succeed.

Ready to Take Your Hosting Further?

✅ Secure Linux VPS hosting
✅ Automated backups
✅ 24/7 support
✅ DDoS protection and firewalls

👉 Get Started at Vicservers

Have questions or need help hardening your server? Reach out to our support team anytime.

Published by VicServers – Empowering Secure Hosting Across Africa

How to Speed Up Your Website Using GZIP and Caching

Website speed isn’t just a matter of convenience anymore — it’s a ranking factor, a conversion booster, and a customer expectation. A slow-loading site can kill your traffic, hurt your SEO, and cost you money. That’s why enabling GZIP compression and caching are two of the smartest (and easiest) ways to speed up your website today.

In this post, we’ll walk you through how to use GZIP and caching effectively to boost your site’s performance, improve user experience, and reduce bandwidth usage — all in line with Vicservers’ commitment to lightning-fast, secure hosting.

 Why Speed Matters

Before diving into GZIP and caching, here’s why website speed is critical:

• 📉 53% of users abandon a site that takes more than 3 seconds to load (Google)
• 📈 Faster sites rank higher on Google
• 💸 Slow websites lose sales and credibility

With these stakes in mind, let’s jump into two powerful speed-boosting tools: GZIP compression and browser/server caching.

What Is GZIP Compression?

GZIP is a file format and a software application used for file compression and decompression. When GZIP is enabled on your server, it compresses your web files (like HTML, CSS, JavaScript) before sending them to users’ browsers.

✅ Benefits of GZIP:

• Shrinks file sizes by up to 70%
• Reduces page load times
• Saves bandwidth
• Improves SEO scores

How GZIP Works

Imagine you’re sending a long document to a friend. You wouldn’t send 50 pages individually — you’d zip it and send one compressed file. GZIP works the same way: your server compresses files before transmission, and the browser decompresses them on arrival.

How to Enable GZIP on Your Server

If You’re Using Apache:

1. Open your .htaccess file (in your website root folder)
2. Add the following:

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/json
</IfModule>

✅ Make sure mod_deflate is enabled in Apache.

If You’re Using NGINX:

Open your NGINX config (usually in /etc/nginx/nginx.conf) and add:

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
gzip_min_length 256;
gzip_vary on;

Don’t forget to restart your server after changes:

sudo systemctl restart nginx

If You’re on VicServers (with cPanel):

1. Log in to cPanel
2. Go to Optimize Website
3. Select “Compress All Content”
4. Click Update Settings

That’s it! VicServers makes it beginner-friendly.

✅ Test If GZIP Is Working

Use tools like:

• https://www.giftofspeed.com/gzip-test/
• Chrome DevTools → Network tab → Check content encoding

If you see content-encoding: gzip, it’s working!

What Is Caching?

Caching stores copies of files so future requests load faster. Think of it as your browser or server “remembering” what’s been seen before so it doesn’t reload everything from scratch.

🔄 Types of Caching:

1. Browser Caching – Stores files in the user’s browser
2. Server-Side Caching – Stores pages on the server for quicker rendering
3. CDN Caching – Stores files on edge servers closer to users

How to Enable Browser Caching (Apache)

Add this to your .htaccess file:

<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresDefault "access plus 2 days"
</IfModule>

This tells browsers how long they should keep a file cached before rechecking with the server.

How to Enable Caching in NGINX

In your nginx.conf:

location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 7d;
    add_header Cache-Control "public";
}

Don’t forget to reload NGINX:

sudo systemctl reload nginx

🔌 WordPress Users: Use Plugins

If you’re on WordPress, you can use caching plugins like:

• W3 Total Cache
• WP Super Cache
• LiteSpeed Cache (Recommended on VicServers)

These plugins offer one-click caching, GZIP, minification, and CDN support.

 How to Check If Caching Works

Use:

• GTmetrix.com
• Google PageSpeed Insights
• Browser DevTools → “Network” tab → Look for cache-control headers

How Caching and GZIP Work Together

• GZIP reduces file size for each download
• Caching reduces the number of downloads

Together, they create a faster, leaner web experience.

Other Speed Optimization Tips

• Use a Content Delivery Network (CDN) like Cloudflare
• Compress images using tools like TinyPNG
• Limit heavy JavaScript usage
• Enable lazy loading for images
• Regularly update your CMS/plugins/themes

Why Vicservers Is Built for Speed

When you host with Vicservers, you’re not just getting space — you’re getting performance infrastructure built to scale. Our hosting plans include:

• SSD storage
• GZIP-ready configurations
• Server-side caching support
• LiteSpeed for high-speed performance
• One-click WordPress optimization

We give you the tools. You make the impact.

Need Help?

If you’re not sure how to enable GZIP or caching, don’t worry — Vicservers support is always here to assist.

📧 Email: [email protected]
🌐 Website: www.vicservers.com

Final Thoughts

Speed isn’t optional — it’s essential. GZIP compression and caching are two of the most effective ways to optimize your website’s load time and keep your visitors happy. Whether you run a blog, an e-commerce store, or a corporate site, the faster your pages load, the better your results.

Ready to boost your website’s speed and SEO? Host with Vicservers and experience the difference.

Published by VicServers – Powering Nigeria’s Digital Future

WordPress Security 101: Plugins and Server Settings

WordPress powers over 40% of websites globally — and that popularity makes it a prime target for cyberattacks. Whether you’re managing a blog, an e-commerce store, or a corporate website, WordPress security should be one of your top priorities.

In this beginner-friendly guide, we at Vicservers will walk you through the essentials of securing your WordPress site using plugins and proper server configurations.

Why WordPress Security Matters

• 43% of cyberattacks target small businesses
• Over 90,000 attacks happen on WordPress sites every minute
• A hacked site can cost you time, money, traffic, and reputation

Fortunately, you don’t need to be a cybersecurity expert to protect your site. All it takes is smart plugin choices and secure server settings.

Essential WordPress Security Plugins

1. Wordfence Security

Features:

• Web application firewall (WAF)
• Real-time traffic monitoring
• Malware scanning and repair

Why we recommend it:
Wordfence offers one of the best free versions for site protection, plus detailed reports.

2. iThemes Security

Features:

• Brute-force protection
• 404 detection
• File change monitoring

Why we recommend it:
It’s great for beginners and includes over 30 security tweaks right out of the box.

3. Sucuri Security

Features:

• Malware detection
• Website firewall (premium)
• Security activity auditing

Why we recommend it:
Sucuri also offers free malware cleanup with their premium plan — a lifesaver after an attack.

4. WP Login Lockdown

Features:

• Restricts login attempts from the same IP
• Stops brute-force attacks
• Customizable lockout times

Why we recommend it:
Simple and lightweight — great for protecting your WordPress login page.

5. UpdraftPlus (for Backup)

Features:

• Scheduled backups to Google Drive, Dropbox, etc.
• Restore directly from WordPress
• Supports file/database backup

Why we recommend it:
In case of an attack, backups will save your life. UpdraftPlus is the most reliable free backup plugin.

Secure Server Settings (The Vicservers Way)

As important as plugins are, server security is your first line of defense. Here’s how to lock down your hosting environment — especially if you’re on a VPS or dedicated server.

1. Use a Secure Hosting Provider

Choose a host like Vicservers that provides:

• Free SSL
• Firewall & malware scanning
• Regular software patching
• Isolated server environments

2. Keep PHP and MySQL Up-to-Date

Older versions are full of vulnerabilities. Always upgrade to the latest stable versions of:

• PHP (e.g., 8.1 or above)
• MySQL / MariaDB

On Vicservers, we handle these updates for you.

3. Disable Directory Listing

Add this to your .htaccess file to prevent visitors from seeing the contents of folders:

Options -Indexes

4. Limit File Permissions

Set the correct file and folder permissions:

Files:   644  
Folders: 755
wp-config.php: 400 or 440

This ensures hackers can’t modify key files.

5. Move wp-config.php and .htaccess

Move sensitive config files one directory above the web root when possible. This adds a layer of protection from browser-based access.

6. Use SSH/SFTP Instead of FTP

Disable traditional FTP and always use SFTP or SSH for secure file transfers.

7. Install a Web Application Firewall (WAF)

Use a server-level WAF like:

• CSF Firewall
• Fail2Ban (blocks brute-force IPs)
• ModSecurity (built into many cPanels)

We include these on all Vicservers managed VPS.

Additional Tips for Locking Down WordPress

• Use strong passwords & 2FA (Two-Factor Authentication)
• Change the default login URL from /wp-login.php to something unique
• Limit user roles and audit accounts regularly
• Delete unused plugins and themes
• Install a CAPTCHA on login and comment forms

Automate, Monitor, and Recover

Automate:

• Daily backups with UpdraftPlus
• Plugin/theme updates with tools like ManageWP or via cPanel

Monitor:

• Use Wordfence Live Traffic and Sucuri logs
• Set up email alerts for suspicious logins

Recover:

• Keep regular off-site backups
• Have a security action plan if you’re compromised

Pro Tips from Vicservers Experts

• Use Cloudflare for an additional security layer & DDoS protection
• Don’t install plugins from untrusted sources
• Consider a staging environment for safe testing
• Use cPanel’s IP blocker to blacklist frequent offenders

Final Thoughts

WordPress is powerful — but with power comes responsibility. Fortunately, keeping your site safe doesn’t require a cybersecurity degree. A combination of smart plugin choices, proper server configurations, and a reliable host like Vicservers gives your site a strong security foundation.

Need Help Securing Your WordPress Site?

Our team at Vicservers offers:

✅ WordPress hardening
✅ VPS firewall setup
✅ Free SSL installation
✅ Daily malware scans
✅ Full website recovery

 Let’s Secure Your WordPress Site Today

🌐 www.vicservers.com
📧 [email protected]

By Vicservers | Web Hosting Experts in Nigeria

How to Set Up an SSL Certificate for Your Website (Free & Paid)

In today’s internet landscape, SSL certificates are no longer optional — they are a must-have. Whether you’re running a blog, an online store, or a business portfolio, having an SSL certificate protects your visitors’ data and builds trust in your brand.

In this post, we’ll walk you through what SSL is, why it’s important, and step-by-step instructions on setting up both free and paid SSL certificates for your website.

What Is an SSL Certificate?

SSL (Secure Sockets Layer) encrypts data exchanged between your website and its visitors. It ensures sensitive information like passwords, credit card numbers, and personal details can’t be intercepted.

When your website has SSL installed:

• Your URL changes from http:// to https://
• A padlock icon appears in the browser address bar
• Your site is marked as “Secure” by search engines and browsers

Why You Need SSL

• Security: Protects data from hackers and eavesdroppers
• Trust: Visitors feel safer on a secure website
• SEO Boost: Google ranks HTTPS sites higher
• Browser Compliance: Modern browsers flag non-SSL sites as “Not Secure”

Free vs.  Paid SSL Certificates

 How to Install a Free SSL Certificate with Let’s Encrypt (On Linux)

Step 1: Install Certbot

Certbot is a free tool for installing Let’s Encrypt certificates.

For Ubuntu/Debian:

sudo apt update
sudo apt install certbot python3-certbot-apache  # For Apache
# or
sudo apt install certbot python3-certbot-nginx   # For NGINX

Step 2: Generate & Install the SSL Certificate

For Apache:

sudo certbot --apache

For NGINX:

sudo certbot --nginx

Step 3: Auto-Renewal (Let’s Encrypt expires every 90 days)

Add to cron:

sudo crontab -e

Add:

0 0 * * * /usr/bin/certbot renew >> /var/log/ssl-renew.log

Or test manually:

sudo certbot renew --dry-run

How to Install a Paid SSL Certificate (Manual Method)

If you’ve purchased an SSL certificate from a provider (e.g. GoDaddy, Namecheap, DigiCert), here’s how to install it:

Step 1: Generate a CSR (Certificate Signing Request)

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Submit the .csr file to your SSL provider.

Step 2: Receive Your Certificate Files

You’ll typically receive:

• yourdomain.crt (your certificate)
• ca-bundle.crt (intermediate chain)

Step 3: Configure Web Server

For Apache:

<VirtualHost *:443>
  ServerName www.yourdomain.com
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/yourdomain.crt
  SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
  SSLCertificateChainFile /etc/ssl/certs/ca-bundle.crt
</VirtualHost>

For NGINX:

server {
  listen 443 ssl;
  server_name yourdomain.com;

  ssl_certificate /etc/ssl/certs/yourdomain.crt;
  ssl_certificate_key /etc/ssl/private/yourdomain.key;
  ssl_trusted_certificate /etc/ssl/certs/ca-bundle.crt;
}

Restart your server:

sudo systemctl restart apache2
# or
sudo systemctl restart nginx

How to Verify Your SSL Installation

Use online tools:

• 🔗 SSL Labs Test
• 🔗 Why No Padlock

These tools will confirm:

• The certificate is valid
• The chain of trust is correct
• There are no mixed-content issues

 SSL in cPanel (Free & Paid)

Most shared hosting accounts (like on Vicservers) offer 1-click SSL setup from cPanel:

Steps:

1. Log in to cPanel
2. Go to SSL/TLS > Manage SSL Sites
3. Use AutoSSL for Let’s Encrypt or upload a certificate manually
4. Save and verify HTTPS redirection

Pro Tips from Vicservers

• Always redirect HTTP to HTTPS
• Back up your key and cert files
• Use strong SSL protocols (disable TLS 1.0 & 1.1)
• Set reminders to renew paid certificates
• Consider HSTS headers for better security

Conclusion

Installing an SSL certificate — whether free or paid — is a crucial step toward securing your website, improving SEO, and building trust with your users.

At Vicservers, we offer:

• Free SSL with all shared hosting plans
• One-click AutoSSL on cPanel
• Paid SSL certificates for advanced needs
• Professional installation for VPS and dedicated servers

Need Help Setting Up SSL?

We’ve got your back. Our experts will set up your SSL, redirect traffic to HTTPS, and secure your entire website — no stress.

🌐 www.vicservers.com
📧 [email protected]

By Vicservers | Trusted Hosting & Web Security Solutions

Securing Your VPS with Fail2Ban

When it comes to managing your own Virtual Private Server (VPS), security should be your top priority. Cyber threats like brute-force attacks, DDoS attempts, and unauthorized access happen every day — and your server might be a target without you even knowing it.

That’s why at Vicservers, we recommend using Fail2Ban, a lightweight but powerful tool that helps automatically detect and block malicious IP addresses attempting to abuse your server.

What is Fail2Ban?

Fail2Ban is an open-source intrusion prevention framework that scans log files for suspicious activity (e.g., too many failed login attempts) and bans the offending IPs by updating firewall rules.

Key Features:

• Detects brute-force attacks on SSH, FTP, Apache, etc.
• Automatically bans IPs for a specified period
• Logs and tracks attacker behavior
• Customizable filters and actions

Why You Need Fail2Ban on Your VPS

1. Protection from Brute-force Attacks

Automated bots can try thousands of login combinations on SSH in minutes. Fail2Ban blocks IPs after repeated failures, reducing your risk significantly.

2. Lightweight & Resource-Efficient

Unlike full firewall suites, Fail2Ban uses minimal CPU and memory, perfect for small to mid-sized VPSs.

3. Customizable Security Policies

You can define how many failures trigger a ban, how long the ban lasts, and even notify yourself when it happens.

How to Install Fail2Ban on Linux (Ubuntu/Debian)

Step 1: Update Your Server

sudo apt update && sudo apt upgrade -y

Step 2: Install Fail2Ban

sudo apt install fail2ban -y

Step 3: Enable and Start the Service

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Basic Configuration

Fail2Ban’s default config is found in /etc/fail2ban/jail.conf. But never edit it directly. Instead, create a copy:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the new config:

sudo nano /etc/fail2ban/jail.local

Example SSH Protection:

[sshd]
enabled = true
port    = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 3600
findtime = 600

• maxretry – Number of attempts before banning
• bantime – How long to ban in seconds (3600 = 1 hour)
• findtime – Time window to monitor failures

Monitoring Fail2Ban

Check status:

sudo fail2ban-client status

Check specific jail (e.g., SSH):

sudo fail2ban-client status sshd

Unban an IP manually:

sudo fail2ban-client set sshd unbanip 192.168.1.100

Protecting More Than Just SSH

Fail2Ban supports other services too:

Enable them in your jail.local by uncommenting the relevant blocks.

Email Alerts

To receive an email when an IP is banned:

1. Install mail utility:

sudo apt install mailutils

2. Edit jail.local:

destemail = [email protected]
sender = [email protected]
action = %(action_mwl)s

This will send logs and whois information about the attacker.

Best Practices by Vicservers

• Use SSH keys instead of passwords
• Change the default SSH port
• Pair Fail2Ban with UFW or iptables
• Regularly check your logs and ban list
• Keep Fail2Ban up to date

Conclusion

Fail2Ban is one of the simplest yet most effective ways to harden your Linux VPS against common attacks. In just a few minutes, you can dramatically reduce your server’s exposure to automated threats.

At Vicservers, we deploy Fail2Ban on all managed VPS and dedicated servers by default. Whether you’re hosting a website, app, or database — security is never optional.

Need Help?

Let Vicservers handle your server security while you focus on growing your business.

🌐 Visit us at www.vicservers.com
📧 Email: [email protected]

By Vicservers | Expert Linux Hosting & Server Security