Best instructions or how to, set up a secure website from a template?
 

Where can I find an excellent how to on setting up a secure website? This will contain a document, moderated blog and links, music. It must be password protected...
Cloud Linux and SSD good hosting?

Please say more about your fuctional requirements. The more moving parts the site has the less secure it can be and the more work it is to maintain. The ultimate secure site is thus valid HTML + CSS, with SSI optional, all accessible over chrooted SFTP. NO JAVASCRIPT ANYWHERE, not now not ever.

If you are aiming just for a blog with multiple authors, then maybe a static site generator would fit the bill. Hugo, Jekyll, and Pelican are popular examples. However, that would prevent visitor comments.

If you want visitors to leave comments, then don't farm that out. However, you'll need a much more complex setup, maybe even WordPress. Again, please say more about your goals for what the site will be like.

As such, this is meaningless.

Define what security you need/want.

A website involves 3 distinct components: the site structure itself (HTML,CSS,PHP,javascript...), the server software (apache, nginx) and the underlying operating system (Windows, *BSD, *NIX...).
All these components should be sufficiently secure (from outside attacks I presume).

i used Geeklog in the past
https://www.geeklog.net/

the CMS is very customizable and security is there top priority

OP: this is your second thread of exactly this same topic. There is no such thing as a "secure website from a template". Web site and web application security is a process and not something you can just bolt on.

Okay, it is possible someone may disagree with my content and hack or contact the web host to take it down. I will aim to moderate all comments.So from my other thread I was informed that WP or Wix could itself take down the site. And that a web designer could help.

I'd like to publish a document with a comment box.

I strongly recommend you read the Sticky posts at the top of our Security forum here https://www.linuxquestions.org/quest...ux-security-4/

deleted; OP's requirements are just too vague.

How could I better ask this question? For my knowledge is limited to knowledge of hackers and possible complaints to web hosts by people who disagree.

I like linux for it security hardening that Windows doesn't have, for my past windows desktop was hacked by someone claiming to be a psychopath.


I consider a hacker may take down my site or alter it to include profanity or simple lies.

It really boils down to this:
Either get enough knowledge to be able to run your own server/site with enough confidence to not have to ask these fluttering insecure questions, or use a service that (claims to) doall that for you. I believe a Wordpress.com blog would fall in the latter category. Not a shabby choice.

OP: the OS running the site is irrelevant, although I am obviously partial to Linux. What really matters is the web server software (Apache, nginx, etc), how it is configured and how the web site is written: there MUST be measures taken in the code to deny xss, csrf, etc. It is not an easy, bolt-on task.

Have you consulted with your hosting provider's tech support and help documents?