Thursday, October 27, 2005

Disable Root Login - Computer Security - Linux

Allowing direct root logins on a server (web or otherwise) is a serious security risk: "root" is an account name every attacker already knows, so it is the first account any brute force attempt targets.


By disabling direct root logins you remove the one account name every brute force tool tries first, and you force an attacker to guess both a username and a password.

Your server should not allow root logins. Here is how you can accomplish this.

  • Create a different super user with the same uid as root (0). See adding Linux users article for information on how to add new users. This account is exactly as powerful as root, so give it a strong password and protect it the same way; the gain is only that an attacker no longer knows its name.
  • Change root's shell in the /etc/passwd file to /sbin/nologin (/usr/sbin/nologin on Debian-based systems) or to a custom program that refuses the login. Use usermod -s /sbin/nologin root rather than editing /etc/passwd by hand, so the file is locked while it is rewritten.


This disables root access through login, gdm, kdm, xdm, su, ssh, scp and sftp (as long as the sftp subsystem is started through the user's shell, which is the default; internal-sftp does not start a shell), because each of those runs the shell recorded in /etc/passwd, and /sbin/nologin only prints a message and exits. It does not affect sudo, which runs the command you give it rather than root's login shell, nor cron jobs. Before making the change, make sure you have another way to obtain root privileges (your uid-0 account, sudo, or console access) and keep an existing session open until you have tested it. Here is the root entry in /etc/passwd with a nologin shell:




root:x:0:0:root:/root:/sbin/nologin



Here is what root's entry looks like with a custom shell (the program must be executable, and it should print a message and exit rather than offer any kind of shell):

root:x:0:0:root:/root:/sbin/hack_your_mama
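The two steps above, as an added example that is not part of the original post: a small POSIX shell audit that reads a passwd-format file, reports whether root still has an interactive shell, lists every uid-0 account (each of which is root-equivalent and needs the same protection), and changes root's shell. The passwd file here is a constructed sample so the script runs offline; the function names are my own. On a live system point the functions at /etc/passwd and make the change with usermod -s /sbin/nologin root instead of set_shell.

```shell
#!/bin/sh
# Added example, not from the original post: audit and change the root shell
# in a passwd-format file. PASSWD_SAMPLE is a constructed copy so the script
# runs offline; on a live system point the functions at /etc/passwd, and make
# the change with `usermod -s /sbin/nologin root` rather than set_shell.

# Constructed sample: root still has a login shell, and "admin" is the extra
# uid-0 super user the post recommends creating.
PASSWD_SAMPLE="$(mktemp)"
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
admin:x:0:0:emergency root:/home/admin:/bin/bash
www:x:80:80:web:/var/www:/sbin/nologin
EOF

# Print the login shell (field 7) of a user from a passwd-format file.
user_shell() { # user file
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# Print every account name whose uid is 0; all of them are root-equivalent.
uid0_accounts() { # file
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Exit 0 when the shell is one of the usual non-interactive "no login" shells.
shell_is_nologin() { # shell
    case "$1" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Replace field 7 for one user, rewriting the file through a temp copy.
set_shell() { # user shell file
    awk -F: -v OFS=: -v u="$1" -v s="$2" '$1 == u { $7 = s } { print }' "$3" \
        > "$3.tmp" && mv "$3.tmp" "$3"
}

# Exit 0 only if root has a nologin shell; also point out other uid-0 accounts,
# which must be protected as carefully as root itself.
audit_root() { # file
    rc=0
    shell=$(user_shell root "$1")
    if ! shell_is_nologin "$shell"; then
        echo "root still has an interactive shell: $shell"
        rc=1
    fi
    for u in $(uid0_accounts "$1"); do
        [ "$u" = root ] || echo "note: $u has uid 0 and is root-equivalent"
    done
    return $rc
}

# Before the change the audit fails; afterwards it passes and flags "admin".
audit_root "$PASSWD_SAMPLE" || true
set_shell root /sbin/nologin "$PASSWD_SAMPLE"
audit_root "$PASSWD_SAMPLE"
```

The audit treats any uid-0 account other than root as a finding to review rather than an error, because the post's own recommendation creates exactly such an account; the point is that it must not be forgotten when passwords are rotated or SSH keys are reviewed.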



Disable root SSH logins to protect against SSH brute force attacks


Edit /etc/ssh/sshd_config and set PermitRootLogin to no, so that sshd rejects every authentication attempt for the root account; this stops SSH password guessing against root regardless of how strong the password is. If root must be able to log in over SSH for automation, use prohibit-password (spelled without-password in OpenSSH releases before 7.0), which accepts only public key authentication for root. Check the file with sshd -t, then reload the daemon, and keep your current session open until you have confirmed that a normal user can still log in and obtain root privileges.
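As an added example (not from the original post), the following POSIX shell functions read the global PermitRootLogin value from an sshd_config the way sshd resolves it: the first occurrence of a keyword wins, keyword matching is case-insensitive, '#' starts a comment, and the global section ends at the first Match block. The weak and fixed configuration files are constructed samples, and the function names are my own; the value "default" means the keyword is unset and sshd's built-in default applies (yes before OpenSSH 7.0, prohibit-password since).

```shell
#!/bin/sh
# Added example, not from the original post: read the global PermitRootLogin
# value from an sshd_config the way sshd resolves it (first occurrence wins,
# keyword matching is case-insensitive, '#' starts a comment, and the global
# section ends at the first Match block). Both config files are constructed
# samples; on a live host use `sshd -T` instead (see the note below).

SSHD_CONFIG_WEAK="$(mktemp)"
cat > "$SSHD_CONFIG_WEAK" <<'EOF'
# constructed sample: root may log in with a password
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

SSHD_CONFIG_FIXED="$(mktemp)"
cat > "$SSHD_CONFIG_FIXED" <<'EOF'
# constructed sample: root denied; the later duplicate is ignored by sshd,
# and the Match block only applies to connections from 10.0.0.0/8
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
EOF

# Print the global effective value of a keyword, or nothing if it is unset
# (sshd then uses its built-in default).
effective_value() { # keyword file
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                    # drop comments
        NF == 0 { next }                      # skip blank lines
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == key { print $2; exit } # first occurrence wins
    ' "$2"
}

# Classify what the global setting means for the root account.
root_ssh_status() { # file
    case "$(effective_value PermitRootLogin "$1")" in
        no)                                 echo blocked ;;
        prohibit-password|without-password) echo keys-only ;;
        forced-commands-only)               echo forced-commands-only ;;
        yes)                                echo allowed ;;
        "")                                 echo default ;;
        *)                                  echo unknown ;;
    esac
}

# Exit 0 only when root cannot log in over SSH at all.
root_ssh_login_blocked() { # file
    [ "$(root_ssh_status "$1")" = blocked ]
}

echo "weak:  $(root_ssh_status "$SSHD_CONFIG_WEAK")"
echo "fixed: $(root_ssh_status "$SSHD_CONFIG_FIXED")"
```

On a real host the authoritative answer is sshd -T | grep -i permitrootlogin, which prints the effective configuration after sshd has parsed it; add -C user=root,addr=10.0.0.5 to see what a Match block would yield for a particular connection. The parser above deliberately stops at the first Match line for the same reason the Match block in the fixed sample is there: a setting inside Match applies only to the connections it matches, so it must not be mistaken for the global value.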



You can also prevent root from logging in on the local consoles and serial lines with an empty /etc/securetty file. The pam_securetty module, used by login and getty, lets root in only on the ttys listed in that file, so a file that is present but has no entries denies root everywhere the module is consulted. It has no effect on SSH, which does not use pam_securetty, and newer versions of the module still allow root on the kernel console device unless the noconsole option is given in the PAM configuration. Several current distributions no longer ship /etc/securetty at all, so check for the file and read pam_securetty(8) before relying on it. A full /etc/securetty file looks something like:

console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS0
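As an added example (not from the original post), the following POSIX shell script reproduces the core decision pam_securetty makes when root tries to log in on a tty, using constructed securetty files instead of the real /etc/securetty. Like the module it strips a leading /dev/ from the tty name, refuses to trust a file that is missing or world-writable, and allows root only on a listed tty, so the empty file the post recommends denies root everywhere. The function names are my own, and the kernel-console exception of newer pam_securetty versions is deliberately left out.

```shell
#!/bin/sh
# Added example, not from the original post: emulate pam_securetty's decision
# for a root login on a tty, against constructed securetty files. A leading
# /dev/ is stripped from the tty name (as the module does), the file must be a
# regular file that is not world-writable, and only a listed tty allows root,
# so an empty file denies root on every tty.

SECURETTY_SAMPLE="$(mktemp)"
printf 'console\ntty1\nttyS0\n' > "$SECURETTY_SAMPLE"   # constructed list

SECURETTY_EMPTY="$(mktemp)"
: > "$SECURETTY_EMPTY"                                   # what the post recommends

# Exit 0 if root may log in on tty $1 according to securetty file $2.
root_allowed_on_tty() { # tty file
    tty="${1#/dev/}"
    if [ ! -f "$2" ]; then
        echo "$2 is not a regular file; denying root" >&2
        return 1
    fi
    if [ -n "$(find "$2" -perm -002)" ]; then
        echo "$2 is world-writable; denying root" >&2
        return 1
    fi
    grep -Fqx "$tty" "$2"    # no matching line (including an empty file) means deny
}

# Print one line per tty saying whether root would be allowed there.
report() { # file tty...
    f="$1"; shift
    for t in "$@"; do
        if root_allowed_on_tty "$t" "$f"; then
            echo "$t: root allowed"
        else
            echo "$t: root denied"
        fi
    done
}

report "$SECURETTY_SAMPLE" tty1 /dev/ttyS0 tty2 pts/0
report "$SECURETTY_EMPTY" tty1 console
```

The permission check matters in practice: pam_securetty refuses to honour a world-writable /etc/securetty, so a file that is accidentally left writable denies root on every tty, which is the safe failure but a confusing one to debug from a locked console.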





For more information see the Server Security Guide, or the Computers and Internet and Computer Security blogs.

2 Comments:

At Wed Jul 25, 11:40:00 PM, Anonymous said...

very useful, thanks

 
At Wed Jul 25, 11:41:00 PM, Anonymous said...

very useful, thanks

 
