Hi all, I am new to VPS hosting, and after doing my initial WHM and server configuration I have a few questions for the community, to ensure I'm following best practices and not overlooking anything important. Apologies for cramming so many questions into one post - I thought it would be better than flooding the forum with multiple threads. WHM and OS updates What is the best practice for upgrading the VPS operating system and WHM? I think that by default WHM and cPanel auto-update themselves - is this correct? Security What are some best practices for securing my VPS? Here's what I've done already: - Created a new unix user with a strong password, added it to the wheel group and gave wheel users sudo. This is the user I'll be using to ssh to the VPS. - Disabled password login for root user - Changed root password to something strong - Enabled cPHulk brute force protection in WHM - Change PHP handler to suPHP - Enabled SMTP restrictions - Enabled PHP open_basedir I'll be using my VPS for hosting my personal sites, and a small number of client sites (I'm a web designer/developer). Are there any other tweaks I should make to harden the server security? Firewall I notice that ConfigServer Security & Firewall plugin is installed. Is there anything special I need to configure here? Is the firewall a set-and-forget kind of thing, or do I need to keep an eye on it for e.g. system diagnostics and security? mod_security Should I enable mod_security? I have memories of running into problems with shared hosts where mod_security was running, which makes me wary. That's enough for now I think! Thanks to anyone who can give me some tips on these points.