(Archived) 3 steps you can take to harden the security of your Discord server
ℹ️ This article was originally an announcement I made on multiple Discord servers. It is uploaded here for archiving.
⚠️ This article heavily recommends the use of the Wick bot.
⚠️ This article is outdated.
⚠️ This article may not be the best advice anymore, and other, newer measures that do not use bots may be more effective.
Today I'm going to show you 3 steps you can take to harden the security of your Discord server to prevent it from being nuked or raided.
I have compiled a list of items that will help you secure your server and increase your security. The top 3 items below are a must for server owners, especially if you have multiple staff members who handle the moderation side of the server. So let's get to it!
How can a hacker even nuke/raid a server?
They can hack a staff member and abuse their permissions. It's important to look at the permissions of the server, especially all roles with admin-level, kick and ban permissions, which have more power on the server. Currently, it's common for hackers to give themselves admin powers on the servers they target. However, there is a way of preventing this: removing admin, kick and ban permissions from roles.
Let's take a look at an example of bad permissions
Imagine having a moderator role in your server and also having an anti-nuke bot like Wick. You gave the moderator role the kick and ban permissions, which is a bad idea: it means moderators can ban anyone they like, and it makes the anti-nuke bot's job harder since Discord is sometimes slow to respond to Wick. Instead of giving the moderator role Discord's kick and ban permissions, let moderators ban only through the commands of the anti-nuke bot, Wick. This makes sure that Wick can keep up with the number of bans, allowing staff members to do their job without the risk of your server being nuked.
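One way to run the permission review described above, as an added example that is not part of the original announcement: the script flags every role whose permission bitfield includes Administrator, Kick Members or Ban Members. The role list is a constructed sample in the shape Discord's API returns for a server's roles; the role names, the IDs and the allow-listed bot role ID are assumptions.

```python
import json

# Bit positions from Discord's documented permission flags.
DANGEROUS = {
    "ADMINISTRATOR": 1 << 3,
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
}

# Constructed sample data (not from a real server). Discord sends the
# permission bitfield as a decimal string, so it is kept as a string here.
SAMPLE_ROLES = json.loads("""
[
  {"id": "100", "name": "@everyone", "managed": false, "permissions": "1024"},
  {"id": "101", "name": "Moderator", "managed": false, "permissions": "8198"},
  {"id": "102", "name": "Admin",     "managed": false, "permissions": "8"},
  {"id": "103", "name": "Wick",      "managed": true,  "permissions": "8"},
  {"id": "104", "name": "Helper",    "managed": false, "permissions": "8192"}
]
""")


def audit_roles(roles, allowed_role_ids=()):
    """Return (role name, [dangerous permission names]) for each flagged role.

    allowed_role_ids lists roles that are expected to hold these permissions,
    such as the anti-nuke bot's own role (hypothetical ID "103" below).
    """
    allowed = set(allowed_role_ids)
    findings = []
    for role in roles:
        if role["id"] in allowed:
            continue
        perms = int(role["permissions"])
        flagged = [name for name, bit in DANGEROUS.items() if perms & bit]
        if flagged:
            findings.append((role["name"], flagged))
    return findings


if __name__ == "__main__":
    for name, perms in audit_roles(SAMPLE_ROLES, allowed_role_ids={"103"}):
        print(f"Review role {name!r}: has {', '.join(perms)}")
```

Any role the script reports is one to strip of those permissions, leaving bans and kicks to go through the bot's commands.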
But what if one of my staff members clicks on a suspicious link?
To make hackers' jobs harder, turn on the 2FA requirement for moderators in server settings by going to server settings > moderation and clicking enable 2FA requirement. This requires staff members to turn on 2-factor authentication, which requires them to use an app like Google Authenticator to confirm their identity upon login. Now, once the hacker tries to log in, he will be out of luck since he won't have the code from the app.
Note: even with 2FA, if a hacker gets a staff member's Discord token, chances are, 2FA will not be able to protect them.
Okay, I have done all that. Are there any bots I need to add?
Yes. If you don't already have Wick bot in your server, I highly suggest you invite it. It helps keep your server safe by watching over the number of bans, kicks, and more to prevent admin abuse. Just remember, you will have to go through its setup guide to ensure it works properly.
No matter how big your server is, no matter how awesome your admin team is, there are always people who are interested in raiding or nuking your server. It only takes one small mistake from you or a staff member to lose it all. So remember, follow all 3 tips:
1. Make sure you remove dangerous permissions from roles.
2. Enable the 2FA requirement for moderators in server settings.
3. Invite Wick and read the docs before setting it up.
Useful links:
Four steps to a super safe server - Discord - https://discord.com/safety/360043653152
Wick bot website - Wick - https://wickbot.com/
Wick bot setup tutorial - Wick - https://wickbot.com/docs/setup
Thank you for reading and stay safe.
Originally published 25/10/2021 12:54 PM.
Approx. 600 words.