A default Linux VPS with OpenCart is vulnerable to common attacks: SSH brute-force, vulnerability scans, and admin panel password guessing. Hardening is the systematic reduction of the attack surface: disabling everything unnecessary and restricting access to what remains as tightly as possible.
We perform VPS hardening for OpenCart and ocStore using a checklist covering all levels: network, SSH, Nginx, PHP-FPM, filesystem and permissions.
What We Do
SSH: password login disabled, SSH keys only; port change; PermitRootLogin no
fail2ban: brute-force protection for SSH, the OpenCart admin panel and site forms
UFW/iptables firewall: only required ports open (80, 443, SSH)
File permissions: 644 for files, 755 for directories, 600 for config.php
Restricting access to sensitive paths: /admin, /system, /storage via Nginx
Disabling unneeded PHP functions: exec, shell_exec, system (if not needed)
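An added example (not part of the original page or the provider's tooling): a POSIX shell audit that checks a web root against the 644/755/600 permission values and an sshd_config-style file against the two SSH settings in the checklist above. The function names are assumptions, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audit helpers for the checklist values on this page.
# Function names are hypothetical; this is not a project or vendor tool.

# Print every path under $1 whose mode deviates from the checklist:
# 600 for config.php, 644 for other files, 755 for directories.
audit_perms() {
    root=$1
    find "$root" -type f -name config.php ! -perm 600 \
        -exec printf 'config-not-600: %s\n' {} \;
    find "$root" -type f ! -name config.php ! -perm 644 \
        -exec printf 'file-not-644: %s\n' {} \;
    find "$root" -type d ! -perm 755 \
        -exec printf 'dir-not-755: %s\n' {} \;
}

# Print the first value set for keyword $2 in config file $1.
# sshd keeps the first value it obtains; keywords are case-insensitive.
# Commented-out lines do not match because "#Key" is not the keyword.
sshd_value() {
    awk -v key="$2" \
        'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Return non-zero and report if either checklist setting is not "no".
# An unset keyword is reported too, since neither default is "no".
# Limitation: Match/Include are ignored; `sshd -T` prints the effective config.
audit_sshd() {
    cfg=$1
    rc=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$cfg" "$key")
        if [ "$val" != "no" ]; then
            echo "sshd: $key is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: script.sh <web-root> <sshd_config>
if [ "$#" -eq 2 ]; then
    audit_perms "$1"
    audit_sshd "$2"
fi
```

Empty output from both functions means the tree and the SSH settings match the checklist values.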
Documentation
After hardening, we provide a report listing all changes made, with an explanation of each item. Config backups from before and after the changes are preserved so that the changes can be rolled back.