Search our site for answers
Help Docs Security Overview

Security Overview

Robust solutions for data protection and server security.
Getting Started How to Security Troubleshooting
2 min read

Security isn’t a single setting you flip on once—it’s a process that touches every layer of your stack, from account passwords to network firewalls and SSL/TLS. Liquid Web’s docs group that process into four repeatable pillars:

  1. Account & Access – lock down logins with strong passwords, two-factor auth, and secure notes.
  2. Network Protection – shield ports with Cloud Firewall rules and VPN tunnels before traffic even hits your server.
  3. Server Hardening & Monitoring – minimize attack surface (services, permissions, file-system tweaks) and run scheduled vulnerability scans.
  4. Encryption & Certificates – keep data in transit private with correctly installed, auto-renewing SSL certificates.

Whether you start from our high-level Security Overview or drill straight into a how-to, the resources below give you “copy-paste” commands and control-panel clicks to secure 90 % of common deployments in minutes.

Getting Started

Setting Up Your Cloud VPN

Using Google Accounts in Your Liquid Web Account

How to

Autorenew for SSL Certificates

Best Practice: Creating a Secure Password

Changing Your Support Passphrase

Configuring Cloud VPN on Debian

Configuring Cloud VPN on Fedora

Configuring Cloud VPN on macOS

Configuring Cloud VPN on Ubuntu

Configuring Cloud VPN on Windows

Configuring cPanel Backups in WHM

Creating a Liquid Web Cloud API Token in the My LiquidWeb Interface

Editing User Authorization in Your Account

Enabling Two-Factor Authentication (2FA) for CloudVPN

Enabling Two-Factor Authentication for Users

Making Your eNom Whois Information Private

Reporting Your Server Password

Securing Your Cloud VPN Using ACLs

Switching Two-Factor Authentication to a New Device

User-Level Support Passphrases

Finding Your Server Password

Using Secure Notes for Sensitive Information

Troubleshooting

Password Help

Account Recovery

How to Unblock Your IP Address in Manage

Unblocking Your IP Address

Articles

  • How to use the Liquid Web Secure Password Generator

    Learn how to use the Liquid Web Secure Password Generator to create a secure password or evaluate one. It is critical that you use a complex, secure password to harden your hosting account.

  • What are the advantages of using SSH keys to control access for multiple users?

    SSH keys offer a means for site administrators to allow multiple individuals to share one user and all associated permissions while remaining PCI-compliant.

  • What are CVEs and How are They Scored?

    Common Vulnerabilities and Exposures listings, or CVEs, is a system of classifying vulnerabilities including a numeral score describing its severity.

  • What is Server Hardening?

    Server hardening strengthens security by enhancing various aspects, making your environment far more secure. Default configurations prioritize usability and functionality, not security.

  • What Is a Denial-of-Service (DoS or DDoS) Attack?

    Denial-of-Service (DoS) attacks flood a server with traffic, preventing legitimate users from accessing a website. Learn to mitigate network-focused DoS attacks in this article.

  • Using cPHulk to Prevent Brute-Force Attacks

    cPHulk is an added security feature in WHM, blocking login attempts in various services without affecting regular traffic.

  • Best Practices: Protecting Your Email Accounts from Compromise

    You’ve learned about computer security, website protection, and secure passwords. Now, safeguard your email accounts from compromise.

  • Best Practices: Protecting Your Website from Compromise

    To enhance security, adopt best practices to safeguard your website. Consider Liquid Web’s additional security services for added protection.

  • Best Practices: Securing Your Computer

    Securing your passwords and data is vital for site security. Protect your computer, keep software updated, and safeguard login credentials to prevent common site compromises.

  • Best Practices: Setting a Required Password Strength

    A strong server password is crucial to prevent data loss. Use a mix of characters, avoid dictionary words, and lengthen your password. Consider setting a server-wide password policy for added security.

  • What Is an .htaccess File?

    Apache servers use .htaccess files to configure websites without altering server settings. Apply distinct settings per directory via multiple .htaccess files, created manually or uploaded as plaintext.

  • What Is a Brute-Force Attack?

    Brute-Force Attacks: Attackers try all possible password combinations, using scripts, to access data. Growing threat due to faster hardware.

  • Best Practices: Creating a Secure Password

    Secure your website and logins. Learn the rules for creating a long, complex, and unique password and find the best practices for storage.

  • Disabling Recursive DNS in BIND

    Disabling recursive DNS requests is crucial to prevent amplification attacks.

  • Disabling Anonymous FTP

    Anonymous FTP allows downloading public files without user identification. Typically, users enter “anonymous” or “ftp” as the username and their email as the password. Access grants read-only to /home/username/public_ftp/ and write access to /home/username/public_ftp/incoming/.

  • What is “Least Privilege”?

    Least Privilege, or the Principle of Least Privilege (PoLP), ensures that each process, user, or program accesses only the information and resources essential for its purpose. This helps in setting server permissions, granting users and processes only the necessary functions to complete their tasks, without accessing other files and programs.

  • A Liquid Web customer’s guide to vulnerability scans

    Vulnerability scans are an important part of maintaining your server’s security, especially in today’s online threat landscape. Learn how to leverage them when you host with Liquid Web.

  • Using mod_qos and mod_reqtimeout to mitigate Slowloris attacks

    mod_qos and mod_reqtimeout are two Apache modules that help mitigate Slowloris-style attacks (a type of Denial of Service (DoS) attack that targets web servers by opening many simultaneous connections and keeping them alive as long as possible, thereby exhausting the server’s resources) by controlling how long and how much data clients are allowed to send….

  • Antivirus

    Antivirus protection is your “first-pass filter” against malware that slips past firewalls and web-application defenses. Liquid Web supports three layers of coverage: Follow the guides below to install, tune, or update each engine; they’ll walk you from first install through scheduled scans and license renewals. Articles Was this article helpful? Yes No Thank you for…

  • Bot Management

    Learn to manage web bots. Our guides help you block bad bots, allow good ones, and secure your site. Control your website’s automated traffic.

  • Security Compliance

    Navigate security compliance. Learn about HIPAA, PCI, and GDPR and find hosting solutions to help protect sensitive data and meet your legal duties.

  • Firewall Management

    A firewall is your server’s first defense. Learn how firewalls block threats, the types available, and how to configure them for robust security.

  • Rootkit Detection

    Rootkits are stealthy malware that hide deep in your OS. Learn how to use specialized tools to detect and remove these dangerous hidden threats.

  • SSL Certificates Guide

    Secure your site with SSL. Our guides explain what SSL certificates are, how to install them, and how to build trust by encrypting user data.

  • TLS Hardening

    Go beyond basic SSL. TLS hardening strengthens your server’s encryption by disabling weak protocols and ciphers to protect against modern attacks.

Was this article helpful?