Keeping your hosting environment secure protects your data, your reputation, and your customers. Virtualmin includes built-in tools to help you maintain a strong security posture while keeping management simple.
Securing Your Virtualmin Login:
1. Always access Virtualmin over HTTPS using https://yourdomain.com:10000.
2. Never log in from public or unsecured Wi-Fi networks.
3. Use a strong password that includes uppercase, lowercase, numbers, and symbols.
4. Enable two-factor authentication (2FA) under Webmin → Webmin Configuration → Two-Factor Authentication.
5. Bookmark your Virtualmin URL to avoid phishing attempts from fake login pages.
Keeping Your System Updated:
• Apply regular system updates through Virtualmin under Webmin → System → Software Package Updates.
• Schedule automatic updates if possible, especially for security patches.
• Reboot your server periodically after major kernel or system updates to ensure changes take effect.
• Avoid running outdated CMS platforms (like WordPress or Joomla) — outdated plugins are a leading cause of security breaches.
Restricting Access:
• Limit user accounts to those who truly need access.
• Assign unique credentials for each user and avoid sharing passwords.
• Use Edit Users to disable or remove accounts that are no longer needed.
• If multiple people manage your hosting, give each their own login for audit tracking.
Firewall and Network Security:
• Configure your firewall to allow only essential ports: 22 (SSH), 25/465/587 (SMTP), 53 (DNS), 80/443 (Web), and 10000 (Virtualmin).
• Use Webmin’s built-in firewall module under Networking → Linux Firewall for easy rule management.
• Disable root SSH login and require key-based authentication whenever possible.
• Regularly monitor your login attempts and mail logs for suspicious activity.
Website-Level Security:
• Always use SSL certificates (Let’s Encrypt) for all hosted domains.
• Keep CMS software, themes, and plugins updated to their latest versions.
• Limit file upload permissions and never set directories to world-writable unless absolutely necessary.
• Use strong, unique passwords for database connections, FTP, and admin panels.
Backup and Disaster Preparedness:
• Maintain at least one local and one remote backup copy at all times.
• Periodically test a restore to confirm backup integrity.
• Keep off-site backups encrypted if they contain sensitive data.
• Review your backup schedule under Backup and Restore → Scheduled Backups.
Next Steps:
• Review all security-related settings quarterly to ensure nothing is overlooked.
• Enable email notifications in Webmin for login alerts and failed update warnings.
• Continue to “Troubleshooting Common Issues” to learn how to quickly identify and resolve common Virtualmin errors.
