The number one step you need to take to secure the server from IP leaks is running the entire thing inside of a virtual machine that is only capable of communicating with the internet via Tor, and which does not know your external IP address. If you do that it prevents all IP leaks and DNS leaks, and it also makes it a lot harder for hackers to obtain your real IP address even if they manage to root the VM with the web server in it. I consider this technique to be absolutely indispensable, especially for hidden services. This. Don't use Apache. Go with Nginx or Hiawatha. It isn't possible to use FDE on a remote server without something like KVM over IP. You need total access to the entire boot sequence. That said, using a server with KVM over IP is a great idea. Definitely renting the server anonymous is 100% required for your security. You can still use exchangers to cash out Bitcoin to bank wires and such probably, although it has been a while since I bought a server anonymously, and since LR is gone and a lot of exchangers have been busted it might be harder these days. It was already a pain in the ass even before they busted LR, since people renting dedicated servers generally have various anti fraud systems in place that are hard to get around while maintaining your anonymity. I am sure you can still get dedicated servers anonymously, it is just a bit of work and probably even more so now than it ever has been before. There are a lot of other things to take into consideration as well. I mean, for the absolute ultimately secured hidden service I could write a book on the subject, but pretty much nobody goes to all of the trouble and expense required to make a hidden service as secure as humanly possible. Some steps are totally indispensable though, like running the web server isolated in a VM that doesn't know your external IP address. Check the securing hidden services thread that Astor linked to as well.