Security review - are we secure enough?

We have configured a CentOS droplet that will be home to three mobile applications and a few websites. We have installed WHM/cPanel, nodejs, angularjs, mysql and npm to monitor it all.

The droplet was configured by the developer of the application. We are looking for a community member to security test our environment and recommend any changes, for which we will pay an hourly rate to first make recommendations and then secondly to carry out any necessary changes to the environment. This is to ensure we have a safe and secure setup and independently test the developer's work. We will also be employing a mobile app developer to review the actual coding of the application and portal website that controls that. So this work is just to ensure the security of the droplet is robust. I can be contacted at if you are interested in this project. Many thanks, Andy



Hello, all

A little update on this question.

I’ve recently posted a mini tutorial related to a PCI compliance scan, where the outdated TLS versions had to be disabled in order for the user to pass the scan. You can check it here:

Hope this helps! Regards, Alex

Hello, @andyparr1

I would recommend that you secure the server to the same level as when applying for PCI compliance. This includes getting rid of all of the old supported TLS versions, disabling FTP and insecure mail ports, and also disabling any port which is not needed, leaving just those you actually use (22, 80, 443, etc.). You can also update all the security ciphers for Apache and the rest of the cPanel services as well.

With cPanel you also have the option to use Host Access Control, meaning that you can close every port and make it available only to whitelisted IPs. This is something which is really handy, as you can allow only your IP addresses to connect to the server.

Regards, Alex
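
The port advice in the answer above can be checked on the droplet itself. The following is an added example, not part of the original answers: it audits the output of `ss -H -tln` against an allowlist of the ports the answer names. The sample output is constructed, and the mapping of 110/143 to "insecure mail ports" and the names `audit` and `is_loopback` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from a real server).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 9 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 *:110 *:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 [::1]:3000 [::]:*
"""

ALLOWED = {22, 80, 443}  # ports named in the answer; extend to what you actually use
# Assumed labels for the plaintext services the answer says to disable.
PLAINTEXT = {21: "FTP", 110: "POP3 (no TLS)", 143: "IMAP (no TLS)"}

def is_loopback(addr):
    """True only if the socket is bound to a loopback address."""
    addr = addr.split("%")[0].strip("[]")  # drop zone id and IPv6 brackets
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or a non-numeric name: treat as externally reachable

def audit(ss_output, allowed=ALLOWED):
    """Return {port: reason} for listeners reachable from outside the host
    that are not on the allowlist."""
    findings = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        port = int(port)
        if is_loopback(addr) or port in allowed:
            continue
        findings[port] = PLAINTEXT.get(port, "not in allowlist")
    return dict(sorted(findings.items()))

if __name__ == "__main__":
    for port, reason in audit(SAMPLE_SS).items():
        print(f"port {port}: {reason}")
```

Listeners bound only to loopback (MySQL on 127.0.0.1:3306 in the sample) are skipped because they are not reachable from the network; everything else should either be on the allowlist or be closed or restricted to known IPs.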