Every webmaster must have a server security checklist so that it is ensured that the server is hardened and cannot be infiltrated.
In a web hosting server, hardening the SSH, tmp, PHP, DNS server is necessary.
There should also be installed a well configured firewall.
It is also necessary that useless and redundant services are disabled.
Frequent updates are also required.
Some popular solutions for wordpress sites include fail2ban and modsecurity.
There is also a wordpress fail2ban plugin which is popular amongst wordpress webmasters.
Wordfence is also excellent.
It must be remembered that these plugins do not offer server level protection.
It must be ensured that all unused ports are closed.
Also, the default port for SSH (which is Port 22) must be switched to a different port number.
Blocking the default port for SSH is an example of security through obscurity.
The advantage of switching ssh ports is that it helps reduce automated hacking/scanning attempts.
This is a big held because a major part of the attacks are automated.
There is a detailed tutorial on how to change the default SSH port (see Secure & Harden Centos VPS Server (change Port, disable Root & Add sudo user)
A well configured firewall such as CSF is also essential.
The CSF firewall has excellent configuration for security and triggered based alerts (see tutorial on how to Install CSF Firewall).
Other security measures to harden the VPS server include:
– Chroot Most of services.
– ModSecurity.
– GRsecurity.
– CloudLinux (CL) for resource management and Isolation
However, the ultimate protection is that every webmaster should have an automated system for backing up his website files and database into Amazon S3 and/ or Google Cloud (see MySQL Backup | Easy Guide To Backup MySQL Database With Automated Script)