Been a min.

[jdc20181]

I have not been on here for a while is that a good thing or a bad thing? Maybe a mixture? I now have 2 clients for my side "hobby" of website administration and development. So far so good. Doing these first two free of charge. Down the road I will charge. They are however paying for the server and domain.

Site 1 was for my sister's business. Still working on it since its a custom deck.

Site 2 is for a political campaign website set to launch next year using self hosted wordpress. Wordpress was a bit of a pain in the backside to install. Ubuntu seems to still rock. Command line stuff makes me sick at my stomach. In other words I am not that great. But I got through it.

Any pointers on Server Security?

I am going to use Cloudflare's DDOS protection, but otherwise any ideas on ways to increase security.

[kfcSmitty]

First I would recommend you familiarize yourself with this: https://www.owasp.org/index.php/SCG_WS_Apache

A good start would also be to configure unattended upgrades: https://help.ubuntu.com/community/Au...ecurityUpdates and ensure iptables has everything locked down so only ports 80, 443, 22, and 53 are open for inbound connections (and any others you may want like FTP). Good walkthrough here: https://bencane.com/2012/09/17/iptab...ic-web-server/

And also ensure SSH is set up to require private key authentication only. Example here: https://www.digitalocean.com/communi...ys-on-debian-9

Those are the basics to get your server decently secured. After that you'll need to make sure your wordpress stays up to date, as well as ensuring you run proper backups both onsite and offsite.