security

With an estimated 40% of all websites using WordPress, it continues to be a popular target for hackers and cyber criminals. To help protect your site, we take a multi-layered approach to reduce the risk:

  • Rather than running everything on a single server, services are split logically across multiple servers with only the front-end web server externally accessible. The other servers sit behind in a private network. Each server protected by two firewalls — one at the network level and one on the server itself.
  • Distributed denial-of-service (DDoS) attacks are detected and blocked by Linode.
  • The front-end web server handles all requests for static content content (image files, CSS, JavaScript, etc) as well as delivering the cached versions of your website’s pages. Requests for dynamic content are filtered to ensure that they appear to be legitimate before being passed back to the WordPress servers via a web application firewall (WAF).
  • The WAF applies a second layer of filtering, detecting and blocking common hacking techniques such as SQL injection, directory traversal, cross site scripting, local & remote file injection, and data leakage, as well as PHP, JavaScript and shell code injection. The WAF is also configured to block over a thousand known WordPress exploits, and we regularly add to this list as we detect new exploit attempts.
  • The WordPress servers run a hardened installation of the software with highly restrictive file permissions. Each WordPress server runs Wordfence, a WordPress-specific endpoint firewall which closely monitors login attempts and filters all requests against a database of exploits.
  • Updates to WordPress core files, plugins and themes are automatically applied within a few hours of release, limiting the window of opportunity for a vulnerability to be exploited.
  • In the background, Fail2ban monitors all server and WAF log files in real-time, and automatically blocks IP addresses linked to any suspicious activity. Vulnerability scans are often blocked on the very first request.

In general, hackers and cyber criminals are looking for easy targets such as poorly configured WordPress installations running outdated and vulnerable code.

In the worst-case scenario, we can quickly recover a comprised site and then undertake an analysis to determine how the site was targeted.