There are many ways to secure your website from hackers, below some Server end configurations to secure your website from hackers.
 

Hide Apache version

Some hackers used apache version to hack any website. Apache version information allows the hacker to enter on the server some way. You need to configure apache server securely.

Visit:-  Hide Apache Version

 

Disable expose_php

You must need to hide PHP version from the HTTP header. When you check your website security by any tools. expose_php must be disabled.

To disable expose_php follow given steps:

Go to the PHP configuration file that is php.ini with the following command.

# vim /etc/php.ini

Edit gave line expose_php

Expose_php = off 

After edit saves the php.ini file and restart apache server.

HTTP Strict Transport Security (HSTS)

To secure website from hacker must be configured HSTS. Configure HSTS follow given steps.

To configure HSTS you need to edit the .htaccess file. Open the .htaccess file with your favorite editor. Copy the below code and paste the header section in a .htaccess file.

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

After editing the code in .htaccess save the file and restart apache server.

X-XSS protection

Improve the security of your site XSS (cross-site scripting)attacks. To configure X-XSS protection you need to edit the apache configuration file. Edit with the given code.

Open Apache configuration file with your favorite editor. Copy the below code and paste in the configuration file.

# vim /etc/httpd/conf/httpd.conf

Copy the below code and paste in the configuration file.

Header set X-XSS-Protection "1; mode=block"

After the edit, the configuration file Restart the apache server.

NOTE:- You can also edit given code in the .htaccess file that also works

USE HTTPS

HTTPS is a secure protocol used to provide security over the Internet. Your website must be on HTTPS. Many hosting providers offer free SSL you can use free SSL to secure your website from hackers.

Up to date website

For the security purpose, you need to update your site core + modules when updates are available. The old version of core or module allows hackers to unsecure website.

Use mod_security

Install and configure mod_security on your server.

Firstly you need to add the EPEL repository in your server using the following command.

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

Then install mod_security Apache modules with the following command.

# yum install mod_security mod_security_crs

Then edit the configuration file with the given code.

SecRuleEngine on

Save the file and Restart the apache server.