Hi

Hi.

I've played with Centminmod in the past, but ended up wanting to set up everything myself. I'm currently on a VPS at Digital Ocean. Now I'm getting to be done with 100% self management and am looking to make things easier. I've looked at managed VPS hosting, but it seems that it's really not that managed in the lower plans or it's too locked down (and quite expensive) in the higher ones. Then there are services like serverpilot and cloudways, but I'm not sure if it's that much of a value-add compared to something like Centminmod (especially if you're used to managing servers yourself).

The main question I have, and I apologize if this isn't the right forum to ask, is how secure is Centminmod out of the box? Are there common extra security measures that are recommended before launching an eCommerce site with Wordpress and a membership plugin using Paypal Pro? I've browsed the FAQ and searched the forums, but I couldn't find a definitive (e.g., "one page") answer/guide. And I don't mean making sure the application has secure code or adding a third party WAF, etc. I'm wondering about the server itself.

Thanks and it's nice to meet y'all.

---

 

Thanks for the quick reply. I usually do these (and change the ssh port, which looks like it's a menu option) anyway.

Is there a resource for that? I depend on a plugin that, unfortunately, needs to run something that depends on a file in that folder. Basically, the user clicks a link and a needed item is generated, but it takes a https trip beneath wp-admin to get there. Assuming that the user is already logged on, would this 2nd layer interfere?