Two configuration directives control how much version information Apache discloses.
The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients.
The ServerTokens directive controls whether the Server response header field, which is sent back to clients, includes a description of the generic OS type of the server as well as information about compiled-in modules.
Add the following to .htaccess
One of the must-dos when securing an Apache web server is to disable directory browsing. This prevents the server from showing a listing of the existing files when a folder has no index file.
Disable directory browsing via .htaccess
Add the following to the .htaccess file
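To confirm the effect of these settings, the script below inspects a saved response for a versioned Server header, the ServerSignature footer and an "Index of" directory listing. It is an added example, not part of the original page; the function names and the sample responses are constructed for illustration, and it assumes the hardened values are ServerTokens Prod, ServerSignature Off and Options -Indexes.

```shell
#!/bin/sh
# Added example: audit a saved HTTP response for the disclosures discussed above.
# Real input can be captured with:
#   curl -s -D headers.txt -o body.html http://HOST/some-missing-page
# Note: ServerTokens is only valid in the main server config, not in .htaccess.

# True if the Server header still carries a version number or an "(OS)" comment.
leaks_server_header() {   # $1 = file holding the response headers
    tr -d '\r' < "$1" | grep -i '^Server:' | grep -Eq '/[0-9]|\('
}

# True if the body contains the footer line that ServerSignature appends.
leaks_signature() {       # $1 = file holding the response body
    grep -Eiq '<address>.*Server at .* Port [0-9]+</address>' "$1"
}

# True if the body is an auto-generated directory listing.
leaks_dir_listing() {     # $1 = file holding the response body
    grep -Eiq '<title>Index of /' "$1"
}

# Prints one keyword per finding, or "clean". $1 = headers file, $2 = body file.
audit() {
    out=""
    if leaks_server_header "$1"; then out="$out server-header"; fi
    if leaks_signature "$2"; then out="$out signature"; fi
    if leaks_dir_listing "$2"; then out="$out dir-listing"; fi
    out=${out# }
    echo "${out:-clean}"
}

# Constructed sample responses (not captured from a real host).
tmp=$(mktemp -d)
printf 'HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n' > "$tmp/weak.hdr"
printf '<h1>Not Found</h1>\n<address>Apache/2.4.41 (Ubuntu) Server at example.com Port 80</address>\n' > "$tmp/weak.body"
printf 'HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\n' > "$tmp/hard.hdr"
printf '<h1>Not Found</h1>\n' > "$tmp/hard.body"
printf '<html><head><title>Index of /uploads</title></head></html>\n' > "$tmp/list.body"

echo "default 404:   $(audit "$tmp/weak.hdr" "$tmp/weak.body")"
echo "hardened 404:  $(audit "$tmp/hard.hdr" "$tmp/hard.body")"
echo "open folder:   $(audit "$tmp/hard.hdr" "$tmp/list.body")"
```

A header such as "Server: Apache/2" (major version only) is still reported, since it narrows the version for anyone fingerprinting the host.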
The famous 5-minute installation for WordPress states that:
Create a database for WordPress on your web server, as well as a MySQL user who has all privileges for accessing and modifying it
Most installation instructions for WordPress on the web state that you can GRANT ALL PRIVILEGES to that user.
Q. What are the least required access rights or privileges that I should grant to this user for WordPress to function properly?
A. You can grant the following permissions to a MySQL user:
- CREATE TEMPORARY TABLES
- LOCK TABLES
When a visitor tries to access the .htaccess file, the server automatically generates a 403 Forbidden error.
However, we can apply an extra layer of security to .htaccess.
Add the following
# Protect the htaccess file
<Files .htaccess>
Deny from all
</Files>
Note: the .htaccess file permission is 644 (chmod)
The server we are transferring the accounts from : OLD SERVER
The server we are transferring the accounts to : NEW SERVER
PROCESS ON NEW SERVER
1. Log into WHM. If your server is a new server, create a main account. The main account is also your new server’s name servers (NS1 and NS2). If your server isn’t a new server, you can create or use another account available on your NEW SERVER. The account will be used to accept backup files from OLD SERVER. Remember: we need an address (a domain name or an IP address), a NEW SERVER account and its password to be used as a container for OLD SERVER’s backup files.
PROCESS ON OLD SERVER :
1. Log into the cPanel account. If you don’t know your client’s login (when you are moving the entire content of a server on which some accounts belong to clients), use that client’s username and your master password. Choose Admin Layer
2. Choose Backup (Do not choose Backup Wizard). Then choose Generate/Download A Full Backup
3. Select the backup destination to Remote FTP Server.
4. Enter your email address for verification. If you are transferring your client, make sure to enter your own email address, not your client’s
5. Enter this :
Remote Server : NEW SERVER’s address (you can use a domain name or an IP address)
Remote User : NEW SERVER’s account (you can use NEW SERVER’s main account. This was explained in PROCESS ON NEW SERVER STEP NO. 1)
Remote Password : NEW SERVER’s account password
PORT : 21
6. That would be enough. Click Generate Backup. This may take some time to back up the files, depending on how large the account is. You should receive an email once it’s complete.
AFTER YOU GET OLD SERVER’s Backup File on NEW SERVER
1. Log into SSH on your NEW SERVER
2. Type this :
note : account_name is the name of the account used to back up OLD SERVER’s account files
Running the list command will show you the tar file of the account from the OLD SERVER.
3. Move the tar file to your NEW SERVER’s /home directory with the following command :
mv tar_file_name /home
4. Log into NEW SERVER’s WHM and go to Backup and choose Restore a Full Backup/cpmove file. You should see the OLD SERVER’s file with old account’s username under Possible cpmove archives found.
5. Type in the account name (I suggest using the same account name as the old account) in the text field in WHM (Enter the username for the account you wish to restore)
6. Click Restore
Additional information : After the transfer is complete, check the package assigned to the account. Make sure you set up the right package for the account.
Warning : If you follow the steps above, restore the accounts one at a time, not multiple accounts at once. When you reach step no 2 in AFTER YOU GET OLD SERVER’s Backup File on NEW SERVER, move only one file to the /home directory or you could confuse cPanel.