Skip to content
On this page

Best Practices

Managing a server is not easy. Here are some best practices you should try to adhere to while managing your Hestia server.

Use a regular user

Never run a web or mail domain with the admin user

By default, the admin user has elevated privileges. This can pose a security threat to your server. For example, if you run WordPress under your admin user and a vulnerability is found in WordPress or a plugin, a malicious user might be able to run commands as root!

Before adding any web or mail domain on your server, you should create a regular user. To do this, you can refer to our User Management Guide.

Enable two-factor authentication (2FA) for the admin user

Since the admin user has full control on the server, as well as elevated privileges, it is greatly recommended that you enable 2FA on this account. To do this, you can refer to our Account Management.

Released under the GPLv3 License.