This topic is dedicated to absolute must-have security practices for web servers. The best recommendations will be added to the OP.
Here are a few from my side:
- Use SSH keys instead of SSH passwords
- Disallow HTTP access (Move to HTTPS)
- Close down all the ports that you don’t need (Generally all except 22/80/443)
- Set up ping monitoring from a downtime monitoring service
- Always stay up to date (update at least twice a month and immediately upon a vulnerability disclosure)
As we all know, nobody is safe on the internet. However, we can try to be on the side that is less prone to being victimized.
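
An added example, not part of the original post: two shell helpers that check the SSH-password and open-port items from the list above. The function names, the sample inputs and the 22/80/443 allowlist are assumptions made for illustration; the sample data is constructed.

```shell
#!/bin/sh
# Print the effective global PasswordAuthentication value of an sshd_config
# (file argument or stdin). sshd keeps the first value it reads for a keyword
# and defaults to "yes". Simplified: stops at the first Match block, ignores Include.
ssh_password_auth() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                     # end of the global section
        key == "passwordauthentication" { val = tolower($2); exit }
        END { print (val == "" ? "yes" : val) }
    ' "$@"
}

# Read `ss -Htln`-style lines on stdin and print, one per line, the listening
# ports that are not loopback-only and not in the allowlist given as arguments.
unexpected_ports() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)                    # text after the last colon
            sub(/:[^:]*$/, "", addr)                # address without the port
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' | sort -n
}

# Constructed sample inputs (not taken from a real host).
sample_sshd_config() { printf '%s\n' '# sample' 'Port 22' \
    'passwordauthentication no' 'PasswordAuthentication yes'; }
sample_ss_output() { printf '%s\n' \
    'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' 'LISTEN 0 511 [::]:443 [::]:*' \
    'LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*' 'LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*' \
    'LISTEN 0 128 [::]:8080 [::]:*' 'LISTEN 0 64 *:6379 *:*'; }

echo "PasswordAuthentication: $(sample_sshd_config | ssh_password_auth)"
echo "Unexpected ports: $(sample_ss_output | unexpected_ports 22 80 443 | tr '\n' ' ')"
```

On a real host the same functions take live input: `ssh_password_auth /etc/ssh/sshd_config` and `ss -Htln | unexpected_ports 22 80 443`.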