HestiaCP Security

Control	Status	Notes
2FA enabled for all admins	☐	Via user settings
HTTPS with valid certificate	☐	Let’s Encrypt recommended
Firewall configured	☐	HestiaCP firewall + CSF
fail2ban deployed	☐	HestiaCP jails configured
Database hardened	☐	mysql_secure_installation
PHP hardening applied	☐	Disable dangerous functions
File permissions secured	☐	Config 600, directories 755
SSH hardened	☐	Key-only auth, non-standard port
Backups encrypted	☐	Off-server storage
Centralized logging	☐	Forward to SIEM
Regular updates scheduled	☐	HestiaCP + system packages
File integrity monitoring	☐	AIDE configured

¶ HestiaCP Security & Hardening