A proper security audit is how you catch problems before attackers do. Whether you’re on a shared plan, a VPS, or a Dedicated Server<\/a>, the same core principles apply: reduce your attack surface, monitor what’s changing, and keep software current.<\/p>\nThis checklist is structured for 2026 environments running cPanel\/WHM, Plesk, or a plain Linux stack (Ubuntu 24.04 LTS or AlmaLinux 9.x are the most common at this point). Not every item will apply to your setup \u2014 use your judgment and skip sections that genuinely don’t fit.<\/p>\nI’d recommend running through this fully at least once a quarter, and after any major incident, software upgrade, or new staff member getting server access. Smaller shops often skip the audit entirely until something breaks \u2014 don’t be that shop.<\/p>\nPrerequisites<\/h2>\n\nRoot or sudo access to the server (or WHM Administrator access for cPanel environments)<\/li>\nSSH client \u2014 PuTTY on Windows, Terminal on macOS\/Linux<\/li>\nBasic familiarity with the Linux command line (you don’t need to be an expert, but you need to be comfortable running commands)<\/li>\nA record of what software is supposed to be installed \u2014 if you don’t have this, build one during this audit<\/li>\nBackups confirmed working before you make any changes<\/li>\n<\/ul>\nStep-by-Step Security Audit Checklist<\/h2>\n1. Confirm All Software Is Up to Date<\/h3>\nUnpatched software is the single most common root cause of successful server compromises. Run updates first so the rest of your audit reflects the actual current state of the system.<\/p>\nOn AlmaLinux \/ CentOS Stream 9:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ndnf update -y && dnf upgrade -y<\/code><\/pre>\n<\/div>\nOn Ubuntu 24.04:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\napt update && apt upgrade -y && apt autoremove -y<\/code><\/pre>\n<\/div>\nIn WHM, navigate to Home > cPanel > Upgrade to Latest Version<\/strong> and also run Home > Server Configuration > Update Preferences<\/strong> to confirm automatic updates are enabled for security releases.<\/p>\n\ud83d\udcdd Note: On production servers, I’d recommend testing updates on a staging instance first, particularly for major cPanel version jumps. Minor and security updates are generally safe to apply immediately.<\/p>\n2. Audit SSH Configuration<\/h3>\nSSH is the front door. Most brute-force attempts target port 22 with default settings, so locking this down is non-negotiable.<\/p>\nOpen the SSH daemon config:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\nCheck or set these values:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nPort 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
This checklist is structured for 2026 environments running cPanel\/WHM, Plesk, or a plain Linux stack (Ubuntu 24.04 LTS or AlmaLinux 9.x are the most common at this point). Not every item will apply to your setup \u2014 use your judgment and skip sections that genuinely don’t fit.<\/p>\n
I’d recommend running through this fully at least once a quarter, and after any major incident, software upgrade, or new staff member getting server access. Smaller shops often skip the audit entirely until something breaks \u2014 don’t be that shop.<\/p>\n
Unpatched software is the single most common root cause of successful server compromises. Run updates first so the rest of your audit reflects the actual current state of the system.<\/p>\n
On AlmaLinux \/ CentOS Stream 9:<\/p>\n
dnf update -y && dnf upgrade -y<\/code><\/pre>\n<\/div>\nOn Ubuntu 24.04:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\napt update && apt upgrade -y && apt autoremove -y<\/code><\/pre>\n<\/div>\nIn WHM, navigate to Home > cPanel > Upgrade to Latest Version<\/strong> and also run Home > Server Configuration > Update Preferences<\/strong> to confirm automatic updates are enabled for security releases.<\/p>\n\ud83d\udcdd Note: On production servers, I’d recommend testing updates on a staging instance first, particularly for major cPanel version jumps. Minor and security updates are generally safe to apply immediately.<\/p>\n2. Audit SSH Configuration<\/h3>\nSSH is the front door. Most brute-force attempts target port 22 with default settings, so locking this down is non-negotiable.<\/p>\nOpen the SSH daemon config:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\nCheck or set these values:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nPort 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
On Ubuntu 24.04:<\/p>\n
apt update && apt upgrade -y && apt autoremove -y<\/code><\/pre>\n<\/div>\nIn WHM, navigate to Home > cPanel > Upgrade to Latest Version<\/strong> and also run Home > Server Configuration > Update Preferences<\/strong> to confirm automatic updates are enabled for security releases.<\/p>\n\ud83d\udcdd Note: On production servers, I’d recommend testing updates on a staging instance first, particularly for major cPanel version jumps. Minor and security updates are generally safe to apply immediately.<\/p>\n2. Audit SSH Configuration<\/h3>\nSSH is the front door. Most brute-force attempts target port 22 with default settings, so locking this down is non-negotiable.<\/p>\nOpen the SSH daemon config:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\nCheck or set these values:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nPort 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
In WHM, navigate to Home > cPanel > Upgrade to Latest Version<\/strong> and also run Home > Server Configuration > Update Preferences<\/strong> to confirm automatic updates are enabled for security releases.<\/p>\n\ud83d\udcdd Note: On production servers, I’d recommend testing updates on a staging instance first, particularly for major cPanel version jumps. Minor and security updates are generally safe to apply immediately.<\/p>\n2. Audit SSH Configuration<\/h3>\nSSH is the front door. Most brute-force attempts target port 22 with default settings, so locking this down is non-negotiable.<\/p>\nOpen the SSH daemon config:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\nCheck or set these values:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nPort 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\ud83d\udcdd Note: On production servers, I’d recommend testing updates on a staging instance first, particularly for major cPanel version jumps. Minor and security updates are generally safe to apply immediately.<\/p>\n
SSH is the front door. Most brute-force attempts target port 22 with default settings, so locking this down is non-negotiable.<\/p>\n
Open the SSH daemon config:<\/p>\n
nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\nCheck or set these values:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nPort 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Check or set these values:<\/p>\n
Port 2222 # Change from default 22 \u2014 pick any unused port above 1024\nPermitRootLogin no # Never allow direct root SSH login\nPasswordAuthentication no # Enforce SSH key auth only\nPubkeyAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 30\nX11Forwarding no\nAllowUsers youruser # Whitelist specific users<\/code><\/pre>\n<\/div>\nAfter saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nsystemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
After saving, restart SSH \u2014 but keep your current session open and test in a second terminal window before closing anything:<\/p>\n
systemctl restart sshd<\/code><\/pre>\n<\/div>\n\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n3. Review Firewall Rules<\/h3>\nFor cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u26a0 Warning: If you disable password auth before confirming your SSH key works, you can lock yourself out completely. Always test in a separate terminal first.<\/p>\n
For cPanel\/WHM servers, CSF (ConfigServer Security & Firewall) is the standard. If it’s not installed, install it:<\/p>\n
cd \/usr\/src && wget https:\/\/download.configserver.com\/csf.tgz\ntar -xzf csf.tgz && cd csf && sh install.sh<\/code><\/pre>\n<\/div>\nCheck your current open ports:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Check your current open ports:<\/p>\n
csf -l | grep ACCEPT<\/code><\/pre>\n<\/div>\nOr on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Or on a non-cPanel server using nftables (the default in AlmaLinux 9 and Ubuntu 22.04+):<\/p>\n
nft list ruleset<\/code><\/pre>\n<\/div>\nThe goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
The goal here is simple: if a port doesn’t need to be open, close it. Common ports that get left open unnecessarily include 3306 (MySQL, should only be accessible locally unless you’re running a remote DB connection), 6379 (Redis), and 8080 (dev ports).<\/p>\n
\ud83d\udcdd Note: CSF’s TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
TESTING<\/code> mode in \/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/etc\/csf\/csf.conf<\/code> should be set to 0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
0<\/code> on live servers. I’ve seen environments running in testing mode for months because nobody checked \u2014 in that mode, CSF won’t actually block anything permanently.<\/p>\n4. Check for Unauthorized User Accounts<\/h3>\nList all accounts with login shells:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
List all accounts with login shells:<\/p>\n
grep -v '\/sbin\/nologin|\/bin\/false' \/etc\/passwd<\/code><\/pre>\n<\/div>\nAny account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nawk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Any account you don’t recognise needs to be investigated immediately. Also check for accounts with empty passwords:<\/p>\n
awk -F: '($2 == "") {print $1}' \/etc\/shadow<\/code><\/pre>\n<\/div>\nFor cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
For cPanel servers, audit hosting accounts in WHM under Home > Account Information > List Accounts<\/strong>. Remove any accounts that are no longer needed.<\/p>\n5. Audit File Permissions and SUID Binaries<\/h3>\nWorld-writable files are a common vector for privilege escalation. Find them with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
World-writable files are a common vector for privilege escalation. Find them with:<\/p>\n
find \/ -xdev -type f -perm -0002 -not -path "\/proc\/*" 2>\/dev\/null<\/code><\/pre>\n<\/div>\nFind SUID binaries (files that run with elevated privileges):<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nfind \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Find SUID binaries (files that run with elevated privileges):<\/p>\n
find \/ -xdev -perm \/4000 -type f 2>\/dev\/null<\/code><\/pre>\n<\/div>\nCompare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Compare the SUID list against a known-good baseline. Common legitimate SUID binaries include \/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/usr\/bin\/passwd<\/code>, \/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/usr\/bin\/sudo<\/code>, and \/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/usr\/bin\/pkexec<\/code>. Anything unexpected deserves a close look.<\/p>\n\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n6. Review Running Processes and Listening Services<\/h3>\nSee everything listening on a network port:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u26a0 Warning: Don’t blindly remove SUID bits from binaries you don’t recognise \u2014 some are legitimately required by the OS. Google the binary first.<\/p>\n
See everything listening on a network port:<\/p>\n
ss -tlnp<\/code><\/pre>\n<\/div>\nReview every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\nCheck for processes running as root that shouldn’t be:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Review every line. If something is listening that you didn’t expect \u2014 especially on a public interface (0.0.0.0 or ::) \u2014 find out what it is before continuing.<\/p>\n
Check for processes running as root that shouldn’t be:<\/p>\n
ps aux | grep root<\/code><\/pre>\n<\/div>\n7. Check Logs for Suspicious Activity<\/h3>\nFailed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ngrep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Failed SSH login attempts accumulate fast. See the worst offenders:<\/p>\n
grep 'Failed password' \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | head -20<\/code><\/pre>\n<\/div>\nOn Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
On Ubuntu, the log is at \/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/var\/log\/auth.log<\/code> instead of \/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/var\/log\/secure<\/code>.<\/p>\nFor web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
For web server logs, scan for common attack patterns like ..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
..\/<\/code> traversal attempts or wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
wp-login.php<\/code> hammering. On managed WordPress hosting, this is something Host & Tech handles at the infrastructure level, but if you’re self-managing, check Apache logs at \/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/var\/log\/httpd\/access_log<\/code> or \/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/var\/log\/apache2\/access.log<\/code>.<\/p>\n8. Verify SSL\/TLS Certificates<\/h3>\nExpired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\necho | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Expired certificates cause trust warnings that users see as security issues even when the server itself is fine. Check expiry dates with:<\/p>\n
echo | openssl s_client -connect yourdomain.com:443 2>\/dev\/null | openssl x509 -noout -dates<\/code><\/pre>\n<\/div>\nIn cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
In cPanel, go to Home > SSL\/TLS > Manage SSL Hosts<\/strong> to see all installed certificates and their expiry dates in one view.<\/p>\n9. Test Your Backup and Recovery Process<\/h3>\nA backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n10. Run a Malware Scan<\/h3>\nOn Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
A backup you’ve never tested is just data you haven’t verified is corrupt yet. Restore a single file or database to a test location and confirm the content is intact. This step gets skipped constantly and it’s the one that matters most when something goes wrong.<\/p>\n
On Linux servers, maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
maldet<\/code> (Linux Malware Detect) combined with ClamAV gives solid coverage:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nmaldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
maldet --scan-all \/home\nclamscan -r \/home --infected --remove=no --log=\/var\/log\/clamscan.log<\/code><\/pre>\n<\/div>\nUse --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Use --remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
--remove=no<\/code> on your first scan to review what it finds before deleting anything. False positives happen, particularly in WordPress plugin directories.<\/p>\nCommon Issues and Troubleshooting<\/h2>\nSSH Login Succeeds But Immediately Disconnects<\/h3>\nUsually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Usually caused by incorrect permissions on ~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
~\/.ssh\/authorized_keys<\/code> or the ~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
~\/.ssh<\/code> directory itself. The SSH daemon is strict about this. Fix it with:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nchmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
chmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchown -R youruser:youruser ~\/.ssh<\/code><\/pre>\n<\/div>\nCSF Blocking Legitimate Traffic<\/h3>\nIf CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
If CSF has blocked an IP that shouldn’t be blocked, the logs are at \/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/var\/log\/lfd.log<\/code>. To temporarily unblock an IP:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\ncsf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
csf -dr 203.0.113.45<\/code><\/pre>\n<\/div>\nTo permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
To permanently whitelist it, add the IP to \/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/etc\/csf\/csf.allow<\/code> and restart CSF with csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
csf -r<\/code>.<\/p>\nMaldet Reports Thousands of Infected Files After a WordPress Hack<\/h3>\nThis is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\nnft or iptables Rules Not Persisting After Reboot<\/h3>\nOn AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
This is annoyingly common, and the official maldet docs aren’t great on recovery. Don’t just delete everything maldet flags \u2014 some of it may be false positives in cached or minified JS files. Instead, isolate the account, restore from a known-good backup if you have one, and then rerun the scan to confirm clean. Patching over an active infection rarely works.<\/p>\n
On AlmaLinux 9, rules written directly with nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
nft<\/code> commands don’t persist by default. Save them to the config file:<\/p>\n<\/button>Copied to clipboard<\/span><\/p>\nnft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
nft list ruleset > \/etc\/nftables.conf\nsystemctl enable nftables<\/code><\/pre>\n<\/div>\nfind Command Takes Forever or Hangs During Permission Audit<\/h3>\nWithout the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Without the -xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
-xdev<\/code> flag, find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
find<\/code> will cross into mounted filesystems including \/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/proc<\/code> and \/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\/sys<\/code>, which can hang indefinitely. Always include -xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
-xdev<\/code> in recursive find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
find<\/code> commands on live servers.<\/p>\nFAQ<\/h2>\n\nFrequently Asked Questions<\/h2>\n\nHow often should I run a server security audit?<\/h3>\n\nAt minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n\nDo I need root access to run a server security audit?<\/h3>\n\nFor a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n\nIs ClamAV good enough for server malware scanning?<\/h3>\n\nClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n\nCan I run this checklist on a cPanel shared hosting account?<\/h3>\n\nPartially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n\nWhat's the difference between a security audit and a penetration test?<\/h3>\n\nA security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\nServer Security Audit Checklist 2026: Harden Your Hosting Environment<\/title>\n<meta name=\"description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\" \/>\n<meta property=\"og:description\" content=\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-28T06:22:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"},\"wordCount\":1438,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"cPanel security\",\"firewall\",\"Linux security\",\"security audit\",\"server hardening\",\"server security\",\"server security audit checklist\",\"SSH hardening\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\",\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-28T06:22:36+00:00\",\"description\":\"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\\\/WHM hardening steps.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/security\\\/server-security-audit-checklist-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server Security Audit Checklist 2026: Harden Your Hosting Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_locale":"en_US","og_type":"article","og_title":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","og_description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","og_url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-28T06:22:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","datePublished":"2026-05-28T06:22:36+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"},"wordCount":1438,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["cPanel security","firewall","Linux security","security audit","server hardening","server security","server security audit checklist","SSH hardening"],"articleSection":["Server Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","url":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/","name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-28T06:22:36+00:00","description":"Run a complete server security audit with this 2026 checklist. Covers SSH, firewall rules, file permissions, software updates, and cPanel\/WHM hardening steps.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/security\/server-security-audit-checklist-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Server Security Audit Checklist 2026: Harden Your Hosting Environment"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
At minimum, quarterly. After any security incident, major software update, or staff change, run it again immediately. Monthly is better if you’re handling sensitive customer data or running eCommerce. Audits that don’t happen on a schedule just don’t happen.<\/p>\n<\/div>\n<\/div>\n
For a full audit, yes \u2014 many of the checks require root or sudo. If you’re on shared hosting, your ability to audit is limited to your own files and account settings. VPS and dedicated server customers have full root access and can run every step in this checklist.<\/p>\n<\/div>\n<\/div>\n
ClamAV alone misses a lot of PHP webshells and fileless threats. Pair it with Linux Malware Detect (maldet), which is specifically tuned for shared hosting and web server environments. Running both together gives you much better coverage than either tool alone.<\/p>\n<\/div>\n<\/div>\n
Partially. Steps like SSH hardening, firewall rule changes, and process auditing require server-level access you won’t have on shared hosting. You can still check file permissions, review your account’s error logs, and verify SSL certificates. For full control over server hardening, you’ll need a VPS or dedicated server.<\/p>\n<\/div>\n<\/div>\n
A security audit reviews your configuration, settings, and software against known best practices \u2014 it’s largely checklist-driven. A penetration test involves actively attempting to exploit vulnerabilities, often done by a specialist. Audits are something you can run internally on a regular basis; pen tests are typically scheduled annually or after major infrastructure changes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
A server security audit isn’t a one-time task \u2014 it’s something you should run at least quarterly. This checklist covers every layer of a typical hosting environment, from SSH configuration to file permissions and log review.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[73],"tags":[263,74,21,262,20,220,265,264],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-security","tag-cpanel-security","tag-firewall","tag-linux-security","tag-security-audit","tag-server-hardening","tag-server-security","tag-server-security-audit-checklist","tag-ssh-hardening"],"yoast_head":"\n