With an estimated 40% of all websites using WordPress, it continues to be a popular target for hackers and cyber criminals. To help protect your site, we take a multi-layered approach to reduce the risk:

  • Rather than running everything on a single server, services are split logically across multiple servers with only the front-end web server externally accessible. The other servers sit behind it in a private virtual LAN.[1] Each server is protected by two firewalls — one at the ISP’s network level[2] and one on the server itself.
  • Distributed denial-of-service (DDoS) attacks are detected and blocked by our ISP.[3]
  • The front-end web server handles all requests for static content (image files, CSS, JavaScript, etc.) as well as delivering the cached versions of your website’s pages. Requests for dynamic content are filtered to ensure that they appear to be legitimate before being passed back to the WordPress servers via a web application firewall (WAF).
  • The WAF applies a second layer of filtering, detecting and blocking common hacking techniques such as SQL injection, directory traversal, cross-site scripting (XSS)[4], local & remote file injection, and data leakage, as well as PHP, JavaScript and shell code injection. The WAF is also configured to block over a thousand known WordPress exploits, and we regularly add to this list as we detect new exploit attempts.
  • The WordPress servers run a hardened installation of the software with highly restrictive file permissions. Each server also runs Wordfence, a WordPress-specific endpoint firewall which closely monitors login attempts and filters all requests against a database of exploits.
  • Updates to WordPress core files, plugins and themes are automatically applied within a few hours of release, limiting the window of opportunity for a vulnerability to be exploited.
  • In the background, Fail2ban monitors all server and WAF log files in real-time, and automatically blocks IP addresses linked to any suspicious activity. Vulnerability scans are often blocked on the very first request.
  • If you would like an extra layer of protection for your site, we can also enable blocking of all IPs listed in the current firehol_level2, firehol_level3 and firehol_abusers blocklists.

In general, hackers and cyber criminals are looking for easy targets such as poorly configured WordPress installations running outdated and vulnerable code.

In the worst-case scenario, we can quickly recover a compromised site and then undertake an analysis to determine how the site was targeted.

Following the invasion of Ukraine, the volume of hacking attempts against Western websites has increased considerably. To help protect the sites that we host, we have taken the following additional steps:

  • Any hacking attempt from a Russian or Belarusian IP address will result in the entire parent IP netblock range being denied on our external firewall. This includes IP addresses that have attempted hacks at any point during the previous five years.
  • As a large number of attacks are also originating from servers hosted by DigitalOcean, Microsoft and OVH, repeated attempts will result in the entire parent IP netblock range being denied on our external firewall.
  • The duration of automatic IP bans caused by hacking attempts has been increased for all sources.

Since the blocks occur on our external firewall, there is no impact on the performance of the sites that we host.
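The first-request ban described for Fail2ban and the netblock escalation described above can be sketched as follows. This is an added example, not our production configuration: the probe paths, the netblock table, the repeat threshold and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed probe paths (assumption): requests a vulnerability scanner makes.
PROBE = re.compile(r'"(?:GET|POST) /(?:\.env|\.git/config|wp-config\.php\.bak)[ ?]')
# Constructed allocation table (assumption); real data would come from WHOIS/GeoIP.
NETBLOCKS = {
    ipaddress.ip_network("198.51.100.0/24"): "first",   # deny block on first attempt
    ipaddress.ip_network("203.0.113.0/24"): "repeat",   # deny block on repeated attempts
}
REPEAT_THRESHOLD = 3  # assumption: attempts per block before the whole block is denied

# Constructed access-log lines using documentation address ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2022:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.5 - - [10/Mar/2022:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Mar/2022:10:00:03 +0000] "GET /.git/config HTTP/1.1" 404 153
203.0.113.9 - - [10/Mar/2022:10:00:04 +0000] "GET /.env?x=1 HTTP/1.1" 404 153
203.0.113.20 - - [10/Mar/2022:10:00:05 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 153
192.0.2.44 - - [10/Mar/2022:10:00:06 +0000] "GET /.env HTTP/1.1" 404 153
192.0.2.50 - - [10/Mar/2022:10:00:07 +0000] "GET /about/ HTTP/1.1" 200 2048
"""

def parent_block(ip):
    """Return (netblock, policy) for an address, or (None, None) if unlisted."""
    for net, policy in NETBLOCKS.items():
        if ip.version == net.version and ip in net:
            return net, policy
    return None, None

def build_deny_list(log_text):
    """Ban a probing host on its first request; escalate to its netblock per policy."""
    hits, deny = defaultdict(int), set()
    for line in log_text.splitlines():
        if not PROBE.search(line):
            continue
        ip = ipaddress.ip_address(line.split(" ", 1)[0])
        net, policy = parent_block(ip)
        if net is not None:
            hits[net] += 1
        if policy == "first" or (policy == "repeat" and hits[net] >= REPEAT_THRESHOLD):
            deny.add(net)
        else:
            deny.add(ipaddress.ip_network(str(ip)))  # single-host ban
    # Drop host entries already covered by a denied netblock.
    return sorted((n for n in deny if not any(
        n != m and n.version == m.version and n.subnet_of(m) for m in deny)), key=str)

if __name__ == "__main__":
    for entry in build_deny_list(SAMPLE_LOG):
        print("deny", entry)
```

Host bans that fall inside a denied netblock are collapsed into the netblock entry, which keeps the external firewall rule set short.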


  1. Wikipedia: VLAN.
  2. Linode Cloud Firewall.
  3. Linode Advanced Cloud DDoS Protection.
  4. Wordfence: Cross-Site Scripting.