- Questions? Schedule a Call
- laura@thed3.com
The Biggest WordPress Security Vulnerability
September 28, 2016
The Best Investment in Website Security
October 12, 2016
We may be wading into technical waters here, but we want to give you a brief overview of the things we do to protect your website if you use our managed WordPress hosting service. We protect each WordPress website with various security plugins and we have implemented multiple security precautions on the server to prevent access to hackers.
WordPress Security Plugins
The first plugin we always use on WordPress sites is by Sucuri. You’ll hear a lot about Sucuri from us when we talk about security because they truly do an amazing job at protecting websites, not just WordPress sites. We use them for our website firewall service, which we’ll talk about more in depth in another post. Sucuri offers a free plugin that protects a website on multiple fronts. The first way is to log all changes made to files and to notify us if anything is amiss. It also shows us a history of all the people who have logged in and from where they were coming. It will stop an intruder from getting to the login screen for the administration panel for WordPress if they’ve tried too many incorrect passwords. The plugin will also scan website files to see if there are any compromised files. There are many more services this plugin performs, but suffice it to say, it is a great plugin for proactively and retroactively protecting a WordPress website.
We also implement a plugin that works together with the server firewall. A server firewall is like a really tall wall made of brick that keeps people out, but there’s a gate that allows people access if they are welcome visitors. This accepting and denying visitors is done using IP addresses. An IP address is like someone’s home address. If you give someone your home address, people can plug it into their map app and find where you live. An IP address is similar in you can determine where someone is located based on the IP address transmitted to the server. However, IP addresses can be faked or hidden so they aren’t a perfect indicator of where someone is located and they can change from time to time. Sometimes, a server can tell based on IP address if the person is a welcome visitor or not. Other times, the firewall needs to learn who is welcome and who is not. We use a plugin that determines if someone has tried too many times to login to WordPress with an incorrect username or password. Once a threshold is hit, the plugin notifies the server firewall to block all access to that IP address. This may mean that legitimate traffic gets blocked such as a client who has forgotten their password. When this happens, our clients simply email or call us and we get the block cleared within a few minutes. When a new client starts to host with us, we get their IP address so we can add them to the safe list in the website firewall to prevent blocks from happening.
Basically, with any WordPress security measure we implement, we are trying to ensure people who want to hack the site are locked out before they get the chance to succeed.
Server Security
We’ve already talked about the server firewall, but it’s important to note that while we use a WordPress plugin that communicates with the server firewall, the firewall also operates on its own devices. For example, logging into webmail is separate from a WordPress website login so the firewall will also block too many incorrect login attempts for webmail. Currently we have 3000 IP addresses in our deny list for the server firewall! We also lock down who can use FTP (file transfer protocol) to upload and download files to the server. We run three different security solutions on the server to scan files for compromise, block IP addresses and look for strange behavior patterns. We don’t allow certain actions such as uploading PHP scripts via forms, which hackers can use to exploit websites. In short, we have used multiple best practices on our server to protect our clients’ websites from attackers.
Security Responsibility
We hope you found that information useful and not too boring. We do believe it’s important that every website owner understand the security risks of having a website. Our goal is to take this responsibility off your shoulders and protect your website as best as we can. That leads us to the final posting we’ll do next week on using a website firewall by Sucuri as our first layer of security as it is the first point of entry for all traffic coming to the website.
Want to learn more about our managed WordPress hosting services? Read more on our managed WordPress hosting services page.
Related posts
Testimonials
D3 Website Solutions came as qualified referral from trusted tech provider, Carolinas NetCare. Previously, we were a loyal, 15 year client of another provider. Service subsequently declined with the provider eventually failing. Laura took on our renovation project with undivided attention. She is always very patient in understanding our needs. Her guidance & insight is invaluable in building our site to best reflect our business. We greatly appreciate the excellent service & tremendous value we received.
We sought out the expertise of Laura and D3 solutions based on the recommendations of trusted colleagues and the need for a web developer who could understand our unique needs. Laura’s reputation is well earned as she was able to deliver a truly incredible product that exceeded all of our expectations. Her communication was timely and through a balanced combination of expertise and creativity, she was able to transform rough sketches and basic ideas into a captivating website that now serves as the centerpiece of our mission and work. Laura was patient with our questions and sensitive to our concerns. In every possible way, D3 Solutions demonstrated the highest level of customer service. In the end it became increasingly clear that for Laura and D3 Solutions, the people they serve are far more than clients, they are partners.
D3 Solutions is my go-to company for web development and website hosting. They provide solutions I can feel confident in, stable and secure servers and responsive customer service, all at a price I find very competitive. I could not do what I do without a partner like D3 Solutions.
We reached out to Laura at D3 Solutions after our website had a security breach. She was extremely responsive and had the issue cleared up right away!
It has been a true joy working with Laura! She was involved from the initial thoughts and concepts of what we wanted in a website to then seeing our vision fully realized in a very professional and attractive site. Laura helped us work through ideas, and offered expertise in how to best implement them in a manner that made sense and was best utilized by our target audience. We are thankful that the relationship is ongoing with advice and troubleshooting being just a phone call or email away. I highly recommend you consider Laura for your website design and development!
A couple of years ago I hired a company to rebuild my website, and when the process stalled out, Laura came in and salvaged what could have been a disaster. Since that time she has worked to maintain my website and has proven to be highly skillful in what she does, responsive, and ethical. I would recommend her without any hesitation.
Laura is a fantastic web developer! She’s developed three websites for me and it’s unbelievable how quickly she can get a project done! She’s decisive and thorough, but also creative and understands the whole process and how everything fits together. One of the things I appreciate most about working with Laura is that she’s very dependable and responds to emails within the hour. Her training videos explain things clearly and easily, even to a novice like myself. Thinking of creating a website? You can’t find anyone better than Laura.