This page looks best with JavaScript enabled

How to Secure A Web Server

 ·  ☕ 2 min read  ·  ✍️ Chris Titus

In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.

Secure A Web Server Steps


Install UFW
sudo apt-get update
sudo apt-get install ufw
sudo ufw limit 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

sudo ufw status

Do Global blocks
sudo ufw default deny incoming
sudo ufw default allow outgoing


Change SSH to Key

Remote Machine: ssh-keygen -t rsa

Transfer to Server

Method 1:

Transfer pub ssh key to server
scp ~/.ssh/ [email protected]:~
cat ~/ >> ~/.ssh/authorized_keys

Method 2:

Copy key and place in authorized_key file in one command
ssh-copy-id -i ~/.ssh/ [email protected]

Secure a Web Server Disabling Password Auth through SSH

Change the following lines in /etc/sshd_config
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no

Edit /etc/sysctl.conf

Enable security features


Prevent IP Spoof /etc/host.conf

Change File to mirror below:
​order bind,host
nospoof on

Install Fail2Ban

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check Listening Ports

netstat -tunlp

You will now have completed the basics of a secure web server!

Video Walkthrough

secure web server
Note: YouTube Video - Hold Ctrl + Left Click to open in new window

I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and, but if you need immediate assistance, check out our discord channel at Chris Titus Tech Discord.

Share on
Support the author with

Chris Titus
Chris Titus
TechGuy On YouTube