Heey Admin, Disabling upload on your server does not mean you have SECURED your server .
getting the permission
( www-data )
on My SHELL does not mean your website is fully secured . ok ?
(*) Advices :
1 - Keep your website application up to date( joomla - wordpress - drupal ..etc ) .
2 - Update Server Kernel to newer version so you can avoid kernel security vulnerabilities .
3 - Move sensitive websites to isolated webservers .
4 - install ssl certificate to avoid sniffing or intercepting users sessions .(SSL is protocol that encrypt data traffic).
. Those were my advices and thanks .