With an estimated 40% of all websites using WordPress, it continues to be a popular target for hackers and cyber criminals. To help protect your site, we take a multi-layered approach to reduce the risk:
- Rather than running everything on a single server, services are split logically across multiple servers with only the front-end web server externally accessible. The other servers sit behind in a private network. Each server is protected by two firewalls — one at the network level and one on the server itself.
- Distributed denial-of-service (DDoS) attacks are detected and blocked by Linode.
- The WordPress servers run a hardened installation of the software with highly restrictive file permissions. Each WordPress server runs Wordfence, a WordPress-specific endpoint firewall which closely monitors login attempts and filters all requests against a database of exploits.
- Updates to WordPress core files, plugins and themes are automatically applied within a few hours of release, limiting the window of opportunity for a vulnerability to be exploited.
- In the background, Fail2ban monitors all server and WAF log files in real time, and automatically blocks IP addresses linked to any suspicious activity. Vulnerability scans are often blocked on the very first request.
In general, hackers and cyber criminals are looking for easy targets such as poorly configured WordPress installations running outdated and vulnerable code.
In the worst-case scenario, we can quickly recover a compromised site and then undertake an analysis to determine how the site was targeted.
Following the invasion of Ukraine, the volume of hacking attempts against Western websites has increased considerably. To help protect the sites that we host, we have taken the following additional steps:
- Any hacking attempt from a Russian or Belarusian IP address will result in the entire parent IP netblock range being denied on our external firewall. This includes IP addresses that have attempted hacks at any point during the previous five years. 447,488 individual IP addresses are currently blocked.
- As a large number of attacks are also originating from servers hosted by DigitalOcean and OVH, repeated attempts will result in the entire parent IP netblock range being denied on our external firewall.
- The duration of automatic IP bans caused by hacking attempts has been increased for all sources.
Since the blocks occur on our external firewall, there is no impact on the performance of the sites that we host.
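The netblock escalation described in the list above can be sketched as follows. This is an added example, not our production code: the allocation table, its country and provider labels, the sample IPs and the repeat threshold of 3 are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed allocation table using documentation ranges (RFC 5737); the
# country/provider labels are made up. Real data would come from RIR or WHOIS.
ALLOCATIONS = [
    ("192.0.2.0/24", "RU", "ExampleNet"),
    ("198.51.100.0/25", "BY", "ExampleNet"),
    ("198.51.100.128/25", "RU", "ExampleNet"),
    ("203.0.113.0/24", "FR", "OVH"),
]
BLOCK_ON_FIRST = {"RU", "BY"}               # countries named in the list above
BLOCK_ON_REPEAT = {"DigitalOcean", "OVH"}   # providers named in the list above
REPEAT_THRESHOLD = 3                        # assumption: no number is stated

def parent_netblock(ip):
    """Return (network, country, provider) for the most specific match, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [
        (ipaddress.ip_network(cidr), cc, org)
        for cidr, cc, org in ALLOCATIONS
        if addr in ipaddress.ip_network(cidr)
    ]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def build_denylist(offending_ips):
    """Apply the escalation policy; return (collapsed networks, address count)."""
    hits = Counter()
    blocked = set()
    for ip in offending_ips:
        match = parent_netblock(ip)
        if match is None:
            continue  # unknown range: left to ordinary per-IP bans
        net, cc, org = match
        hits[net] += 1
        if cc in BLOCK_ON_FIRST or (
                org in BLOCK_ON_REPEAT and hits[net] >= REPEAT_THRESHOLD):
            blocked.add(net)
    # Merge adjacent netblocks so the firewall carries the fewest rules.
    collapsed = list(ipaddress.collapse_addresses(blocked))
    return collapsed, sum(n.num_addresses for n in collapsed)

# Constructed sample of source IPs flagged by log monitoring.
SAMPLE = ["198.51.100.7", "198.51.100.200", "203.0.113.5",
          "203.0.113.9", "203.0.113.77", "10.1.2.3"]

if __name__ == "__main__":
    nets, total = build_denylist(SAMPLE)
    print([str(n) for n in nets], total)
```

Collapsing adjacent ranges before loading them keeps the external firewall's rule count low, and the address total gives the kind of figure quoted above for individual IP addresses blocked.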