I remember the first time we received a phone call in the middle of the night. It woke up the entire house. I was sitting straight up in bed and wondering who was on the phone. I could hear the sounds of muffled voices from the other room. I knew it was my parents talking to each other. I could hear them rustling around, getting out of bed, someone shuffling to get clothes on. I jumped out of bed, quickly changed my clothes and ran out of my room to find out what was going on.
I meet my dad in the living room where he told me that one of the windows in our family business had a rock thrown into it and the phone call he received was the security company informing us that the alarms were going off. The security company called the police, alerted us of the break-in, and helped my parents figure out a gameplan to report any losses to their insurance company.
This was the first time I realized the fact that someone would want to break into a business and steal something from it. They wanted to steal something I knew my dad worked long, hard hours to sell. In spite of the unfortunate situation, my parents were really thankful that the security company called them because they were able to deal with this issue right away. This was the moment I realized how important security is for owning a business.
Thinking about the security for my parents’ store got me thinking about digital stores. Shouldn’t you have the same type of security for your digital business? Something that is proactive and can alert you when something happens with your site?
See, without strong security measures in place, your site can get infected with malicious code and potentially affect your site visitors. In a worst-case scenario, it can even render your site in a nonfunctional state.
What level of security do you need to put in place for your site? Are there already WordPress security measures for your site at the host level? At Liquid Web, we understand the importance of having secure websites. We also understand that a lot of thought can go into keeping your websites secure and that it may not always be understood what a host can and should do to help keep you protected.
Today, we’re going to cover some of the basics about what we do to protect your sites, and what you can do to further enhance your website security.
Understanding Your Environment
To help illustrate your WordPress environment, we’ve put together a simple diagram of what our network looks like to give you an idea of what is in place to help prevent attacks on your site.
Most quality hosting providers will have a similar network setup with lots of protection along the way. It’s important for hosts to have this level of security and help to prevent a number of different attack vectors.
The sad thing though, is that some hosts will stop at this. They’ll leave everything else up to you. Leaving you in the lurch for certain aspects of security. But at Liquid Web, with our Managed WordPress and Managed WooCommerce Hosting plans, we take that security a step further.
How Do We Keep WordPress Secure?
In our platform, we implement a number of WordPress security mechanisms across different layers. This helps put in an effort to promote the best WordPress security practices that exist. From a web app firewall, all the way to WordPress itself, we have you protected.
Web App Firewall
To keep the server locked down, we only open the necessary ports needed to have access. So ports like HTTPS, SSH/sFTP are the only ports that are open to the outside.
Another layer we include is a custom ModSec ruleset to help prevent WordPress from being attacked. This ruleset gets updated by our amazing security team that actively monitors all of our servers and attack vectors to ensure that they apply updates to the rulesets accordingly.
Next, we take additional measures by using fail2ban to temporarily block repeated failed logins. This is set low enough to prevent attackers from repeatedly trying to access your site, but also not make you have to call us to let you get access again.
When it comes to the actual WordPress platform, there are some things we do to help you keep WordPress secure. Since our platform creates sites for you, we make sure to use safe usernames and passwords and apply fresh salts to your site.
To help keep you secure, we take another precaution and actively scan sites for known exploits, malware, and known security issues. These scanning tools are designed to detect malware specifically for hosting environments. They search at operating system level trojans and traditional file-infecting viruses.
Our servers running our Managed WordPress and Managed WooCommerce Hosting, run locked-down versions of PHP. These include jailed environments so you aren’t able to run any arbitrary code.
Our platform also implements three levels of locked-down environments by site, user, and process. This allows us to keep every site running in a jailed chroot setup so if an intruder gains access to a site, they can’t get access to other sites the same way.
Everything from our servers to WordPress regularly gets security updates. Many times these are applied in the background without causing attention to them. Allowing us to keep your business, your site, and your visitors safe.
Security is Important
WordPress is now running 30% of the web. So it’s very important that your web host takes your WordPress security seriously. It’s also important that you take action and take the security of your own WordPress site seriously. We will do everything we can to protect your site, but there are still things you need to do to help keep your site protected. As long as we’re paying attention to WordPress security together, we can work together to keep WordPress robust, secure and running smoothly.