Much of this is thanks to help I have received here. Major shouts out to Till and Ztk.me and Ahrasis! 1) Update the grub bootloader to log console messages to the screen so you can see errors if the kernel crashes: Code: nano /etc/default/grub Change the GRUB_CMDLINE_LINUX section rhgb quiet from your entry like this: Code: GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet rootflags=uquota,gquota" to this (replacing rhgb quiet with loglevel=7 systemd.log_level=debug): Note: Do not replace the entire line, just change the indicated parts. Code: GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap loglevel=7 systemd.log_level=debug rootflags=uquota,gquota" 2) Enable journalctl persistent logging so you can see logs from past boots: Code: mkdir /var/log/journal systemd-tmpfiles --create --prefix /var/log/journal systemctl restart systemd-journald 3) Update the fail2ban to have longer ban times, longer find times, and fewer retries: Code: nano /etc/fail2ban/jail.local Code: [DEFAULT] bantime = 432000 ; 5day ; 10800 ;3 hours findtime = 86400; 28800 ; 8hr; 1209600 ; 2week; 86400 ;1 day maxretry = 5 #28800 = 8hr #86400 = 1day #432000 = 5day #604800 = 1week #2592000 = 30day [sshd] enabled = true port = 8822 action = iptables[name=sshd, port=ssh, protocol=tcp] maxretry = 2 bantime = 2592000 findtime = 604800 [pure-ftpd] enabled = true action = iptables[name=FTP, port=ftp, protocol=tcp] maxretry = 3 bantime = 2592000 findtime = 604800 [dovecot] enabled = true action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps", protocol=tcp] maxretry = 5 bantime = 432000 findtime = 604800 [postfix-sasl] enabled = true action = iptables-multiport[name=postfix-sasl, port="smtp,smtps,submission", protocol=tcp] maxretry = 3 bantime = 2592000 findtime = 604800 Or better yet implement a permanent ban for IPs! But I haven't yet found a non-complicated reliable way to do this that doesn't involve modifying the core fail2ban files. 4) Add SSL to your Mail server (I also recommend disabling Non-SSL for clients) https://www.howtoforge.com/communit...ut-webmail-works-perfectly.79252/#post-375327 https://www.howtoforge.com/community/threads/pfs-letsencrypt-for-postfix-dovecot-pureftpd.77499/ https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ 5) Update your SPAM filters to be stronger: https://www.howtoforge.com/communit...-of-spam-filter-policies-in-ispconfig3.38480/ 6) Add additional PHP versions to ISPConfig: https://www.howtoforge.com/communit...e-php-versions-already-but.71847/#post-376006 http://www.hexblot.com/blog/centos7-ispconfig3-and-multiple-php-versions https://www.sunaryohadi.info/additional-php-versions-centos-7-nginx-ispconfig-3-gce.htm 7) Use the proper settings on the site for Wordpress to update properly: https://www.howtoforge.com/communit...f-update-or-update-plugins.79238/#post-375063 Feel free to make additional suggestions!