Security
Reqad hardens your server during installation and keeps it locked down by default — SSH access, the firewall and PHP are all configured for you, with sensible defaults you can still tune from the panel.
SSH access
The installer hardens SSH so your server isn't exposed to the usual automated attacks:
- Non-default port — SSH is moved off port 22 to a non-standard port (you can choose it at install time with the
SSH_PORTvariable). This alone removes most brute-force noise. - Password authentication disabled — logging in with a password is turned off, so guessed or leaked passwords can't be used over SSH.
- Key-based authentication — you log in with an SSH key instead. Add, remove and manage keys (including automatic SSH2 → OpenSSH conversion) from the SSH Keys section in the panel.
Firewall (CSF)
CSF (ConfigServer Security & Firewall) is installed and configured out of the box. It puts a stateful firewall around the services Reqad runs — web, mail, DNS and SSH on its custom port — and includes login-failure detection that automatically blocks repeat offenders. You get a sensible baseline without writing a single firewall rule.
PHP security
Every account runs in its own isolated PHP-FPM pool, and Reqad applies sensible PHP restrictions by default — all editable from PHP settings in the panel:
disable_functions— dangerous PHP functions such asshell_exec,system,exec,passthru,popenandproc_openare disabled, so a compromised script can't run arbitrary system commands. Reqad ships a recommended list and a one-click button to apply it.open_basedir— each account's PHP is locked to its own home directory, so one site can't read or write another site's files or wander the filesystem.- Isolated pools — each account has its own PHP-FPM pool running as its own Linux user, with private temp and log directories.
- Less fingerprinting —
expose_phpis turned off so PHP doesn't advertise its version.
You can tune all of these per PHP version from the panel, alongside OPcache and APCu settings.
Need a hand? Register for early access or contact us.