Have a customer send me a pdf of PCI scan results where there were a lot of failures. Has anyone recently had to make a site PCI compliant? The PCI scanner company was Trustwave. Website is on Wheezy and some of the failures indicate that things are fixed in Apache 2.4 Andy
Remove self-signed-certs, check hostnames for the ssl-certs, disallow TLS 1, check the ssl cipher-suites, close port 3306.... usually, you see the detected problems in the report. You can not "secure" a single website. Most "problems" are related to the server itself and ispconfig does not (and should not) change all relataed configs.