These are all things that go into our secure WordPress hosting, that will protect your WordPress website.
We’ve engineered our WordPress hosting to have the highest security possible. Find out how much security goes into our secure WordPress hosting. We protect your WordPress website so you don’t have to worry about being hacked.
We have a juniper hardware firewall. Hardware firewalls are an important measure to stop large scale attacks on web servers.
The we have software firewall. A little similar to the hardware firewall, but it is programmable.
We use this to help block DDoS attacks .
There are lots of bot farms and attackers that will attempts a lot of hits on your site. This consumes your resources and brings down your site.
Out DDoS protection starts before the request gets to WordPress.
This includes session limits, request limits, and bot grey list.
We also have DDoS protection on DNS requests.
The WAF checks each click/request, and looks for hacking patterns.
Then we look at patterns over time. These patterns, and triggers from the WAF are blocked on the software firewall. The WAF intercepts hacking attempts before they reach WordPress and php, making it more safe and using less CPU resources. The WAF uses both mod_security and immunify360.
We have custom PHP settings that disable unsafe features. These unsafe features are not commonly used by WordPress, but are used by hackers. It’s much safer to have them disabled.
Every request for a login is met by a human browser test. It takes less than a second for real humans, and you are redirected to the login page. If you are not a human, you don’t get the redirect. This stops a lot of automated attacks for login before they get to WordPress. You can read more here bot login detection
We scan all files daily for virus and hacking.
We run an instant virus scan on any new files uploaded. If a hack is detected we quarantine the files – and call support for you.
CageFS isolates you from our other customers. This way if something does go wrong in someone else’s account, it won’t disrupt your WordPress site.
The web server is run on a read-only file system, so no changes can be made, even if we execute a hack it can’t make changes. Mose hacks rely on modifying php files, or uploading php files. Our readonly filesystem makes this impossible. We believe this is unique to our hosting.
Each component, web server, sql server, mod security, are all run in their own security container – so a hack can’t spread.
We have 2 factor authentication to log into wp-admin. We use two levels of passwords to make wp-admin more secure.