Hello. I had to use VPS on my site, then I bought one, but I have no idea on how to install and configure. So, a guy that I know (not in person) installed and configured everything for me, he is really good at it, its his job. Everything is running fine, but I´m kinda affraid.. what if, after he sees how much money im making, he copies everything on my site, create another one and delete mine? So the question is: What do I need to change, like password, port, etc, to make it completely secure? Here is what he installed: Nginx, php, php-fpm, mysql (I´m using wordpress), ssh, ftp. Thanks!
Set the SSH service to a different port ( it's standard on port 22, you should change to 8394 or something ) , block the root user to use SSH. Install failban. Allow SSH only from one/two IP's. This should help.
