Our WordPress servers are protected by several layers of firewalls, including OWASP ModSecurity CRS and Wordfence, and a hardened installation.
With an estimated 40% of all websites using WordPress, it continues to be a popular target for hackers and cyber criminals. To help protect your site, we take a multi-layered approach to reduce the risk:
- Rather than running everything on a single server, services are split logically across multiple servers, with only the front-end web server externally accessible. The other servers sit behind it in a private virtual network (VLAN), inaccessible from the external internet.
- Each server is protected by a dual-layer network firewall. The WordPress servers are also protected by both Wordfence and a Web Application Firewall customised specifically for WordPress.
- WordPress runs as a hardened installation with highly restrictive file permissions, and updates are applied automatically.
In general, hackers and cyber criminals are looking for easy targets such as poorly configured WordPress installations running outdated and vulnerable code.
In the worst-case scenario, we can quickly recover a compromised site and then undertake an analysis to determine how the site was targeted.
Following the invasion of Ukraine, the volume of hacking attempts against Western websites has increased considerably. To help protect the sites that we host, we have taken the following additional steps:
- Any hacking attempt from a Russian or Belarusian IP address will result in the entire parent IP netblock range being denied on our external firewall. This includes IP addresses that have attempted hacks at any point during the previous five years.
- As a large number of attacks are also originating from servers hosted by DigitalOcean, Microsoft and OVH, repeated attempts will result in the entire parent IP netblock range being denied on our external firewall.
- The duration of automatic IP bans caused by hacking attempts has been increased for all sources.
Since the blocks occur on our external firewall, there is no impact on the performance of the sites that we host.
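The escalation policy described above can be sketched as follows. This is an added example, not our production tooling: the allocation table is constructed from RFC 5737 documentation ranges, and the names `ALLOCATIONS`, `parent_block`, `deny_list` and the threshold of three attempts are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed allocation table (netblock, country, operator). RFC 5737
# documentation ranges stand in for real registry data.
ALLOCATIONS = [
    ("192.0.2.0/24", "RU", "ExampleNet"),
    ("198.51.100.0/24", "US", "DigitalOcean"),
    ("203.0.113.0/24", "FR", "ExampleISP"),
]
IMMEDIATE_COUNTRIES = {"RU", "BY"}  # one attempt denies the whole netblock
REPEAT_OPERATORS = {"DigitalOcean", "Microsoft", "OVH"}
REPEAT_THRESHOLD = 3  # assumption: the page says "repeated" without a number


def parent_block(ip):
    """Return (network, country, operator) of the most specific match, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(n), c, o) for n, c, o in ALLOCATIONS
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def deny_list(attempt_ips):
    """Turn a sequence of offending IPv4 addresses into firewall deny entries."""
    per_block = Counter()
    denied = set()
    for ip in attempt_ips:
        hit = parent_block(ip)
        if hit is not None:
            net, country, operator = hit
            per_block[net] += 1
            repeat = (operator in REPEAT_OPERATORS
                      and per_block[net] >= REPEAT_THRESHOLD)
            if country in IMMEDIATE_COUNTRIES or repeat:
                denied.add(net)
                continue
        denied.add(ipaddress.ip_network(ip))  # otherwise deny the single host
    # Collapsing drops host entries already covered by a denied netblock.
    return [str(n) for n in ipaddress.collapse_addresses(denied)]


if __name__ == "__main__":
    # Constructed sample of offending source addresses, in arrival order.
    sample = ["192.0.2.10", "198.51.100.5", "198.51.100.6",
              "203.0.113.7", "198.51.100.7"]
    print(deny_list(sample))
```

The sketch does not model ban expiry or the five-year look-back; it only shows how single-host bans are superseded once a parent netblock is denied.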