New Account, Priority #1: Security


Although I joined the forum last month and I got one of my clients to move here from his shared hosting plan at HostGator, I just signed up for my own account here earlier this evening. My first concern is security.

I have a number of websites, but the one nearest and dearest to me is a forum, using vBulletin software and several add-ons and modifications. I want to make sure that site, and all my others, will be just as secure as they were on the shared plan.

Is the VPS a secure server environment right out of the box, or do I have to do something to assure the security of my sites? I've been using shared plans for several years and this is my first experience with a VPS, so I am unsure what to expect. I'm also a bit anxious about having to learn so much new stuff, but I have a feeling I have picked the right host and a good forum.

Thanks for any guidance,

"Security" is a pretty broad topic. Whether or not your server is "secure" depends entirely on what you're doing with it. All the firewalls in the world aren't going to help anything if you install a buggy script or send your root password out in an email.

That being said, it's probably about as secure as it was at HostGator. There are professional auditors out there who will plug up all the holes for you, but it's next to impossible to offer any specific advice without a more specific question.
Well, more specifically, the scripts I am running currently are a vBulletin forum and a WordPress blog. Everything else is straight XHTML/CSS.

Since I am unfamiliar with the features and functions of a VPS, I can only relate it to my desktop computer. So, my questions would be something like, do I need to set up some kind of firewall, or is there one or something similar in place? Do I need to install a virus detection or spyware type program, or is this covered? Am I looking at just configuring what's already there, or should I be shopping for applica$ion$ that will cover the basics?


I've never heard of spyware targeting servers since there's not really anyone to spy on or show ads to. Virus authors usually go after Windows but if you think you're going to be inviting a lot of attacks you may want to invest in something there. There's already a basic firewall in place and others are freely available. Wordpress is a pretty frequent target unfortunately.