The best is to get a server which is fully managed by the host. They will keep it up to date and secure it.
Your web host, in order to maintain a level of profitability, must deal with
at least1,000 servers. Usually , many, many,
many more. The larger companies do 10-20x that!!! There is
no way that they are keeping them all updated and secured.
'The best' is to find yourself a systems administrator who handles these things properly, doesn't overload themselves, or their company, and knows what they're doing. Yes, they DO exist. You'll pay more than the cheap end server admin companies for the service, but it'll be well worth it in the longrun
A decent server admin knows how to address things and keep their eye on what needs to be done, finding the balance between too intrusive, and not secure enough. Then again, a 'good' server admin doesn't rely on forum posts for 'configurations'
