The most secure setup possible is to use a static site generator and upload it's output to a static server with no server side parsing enabled. In my opinion Hugo is the best of these which is written in Go, and that's it's largest drawback - written in a language I'm not too familiar with. Jigsaw is a PHP implementation of the same concept, but I haven't had a chance to try it out. There are a lot of sites out there using WordPress and Drupal which are so small and so infrequently uploaded that, frankly, the owners could do themselves a huge favor by switching over.
If your problem scope still requires server side scripting you'd be better served leaving the server security to the experts. Look into AWS, Microsoft's Azure at a start, and there are also more PHP centric providers like Aquina or Pantheon. Owning and managing the silicon directly isn't advised anymore and hasn't been common practice for at least a decade. On Sun, Jan 10, 2021 at 2:10 AM Rene Veerman < rene.veerman.netherla...@gmail.com> wrote: > hi. > > i run a website which i want to harden against hacking by 3rd parties. > > i wrote this website back in 2002-2010, and then built apps on top of the > base code. > > now i want to upgrade the entire thing to the latest css3 standards and > also include anti-hacking measures, because at one point i got kicked off > the internet by my ISP because they detected the thing had indeed been > hacked, and someone installed phishing software on my site. > > i want to employ cron jobs that run regularly, to do checksum testing of > vital parts of my operating system. > > ideally, i could have a script run indefinitely or every 2 seconds, as > root, from cron, to test for changes to my filesystem (well, the part that > is governed by Directory section in > /etc/apache2/sites-enabled/001-localhost.conf) and vital OS config files. > but i do wonder if this is going to wear out the SSD where the OS and > webserver files are stored on. > and i wonder if i should be writing this script as some sort of shell > script (bash? /bin/sh? i dunno (i run ubuntu 20.04)), or if i could be > using the convenient php for it. > > and i would like to know if as far as exploits go, it's better to stay > (currently) on php7.4, or move my entire setup to php8. > > thanks for your attention and any help you might provide me. :) >
