Hosted WordPress sites have been updated to the latest greatest 5.1.1 security and maintenance release. For full details, visit https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
On Monday morning, Mar 19, from 1:00 – 4:00 AM ET, we will be performing internal network maintenance. During this time, there may be brief network interruptions to the following services:
It’s Me 247 online and mobile banking
Hosted web/mail sites and cuanswers.com
It’s My Biz 247 online banking
On Monday morning, January 15, from 1:00 – 4:00 AM ET, we will be performing internal network maintenance. During this time, there may be brief network interruptions to the following services:
- It’s Me 247 online and mobile banking
- Hosted web/mail sites and cuanswers.com
- It’s My Biz 247 online banking
One of our plugin vendors, WordFence, wrote a detailed post answering the question “Is WordPress Secure.” “The short answer is yes, but it does require a modest amount of work and education on the part of the site owner.” Fortunately for our hosting clients, we already do much of that work (AND MORE!) for you!
Our hosting environment runs the Plesk hosting control panel on top of Ubuntu Linux. Ubuntu, Plesk, and WordPress core and repository plugin updates are automatically installed on schedule as they become available.
Your website on our hosting benefits from several different layers of protection, at the network level, the server level, and at the application level. Traffic is continuously monitored by Apache ModSecurity for dynamically updated (Atomic Subscription) patterns of abuse such as brute force login attempts, form POST abuse, excessive 404 request, 404 requests for commonly abused filenames, etc. These automated systems then temporarily ban offending IP addresses using Fail2Ban. Repeat offenders get blocked for longer periods of time. At the application level, the WordFence security plugin is used to monitor WordPress core files and plugins for changes from the official versions, as well as to overlap some of the ModSecurity functionality blocking abusive requests if they make it through the previous layers of defense. We also have systems, Cacti, Graylog, Watchdog, Health Monitor in place to monitor overall server and network load levels that alert us to suspicious conditions outside the norm for manual inspection so that we can respond to and mitigate threats as necessary.
We take your website security seriously. If you have questions about security please ask!
Our hosted WordPress sites using the WordFence plugin have now been updated with a new feature that detects when an email address logs in with credentials that have been previously discovered to be compromised in known password leaks from various sources. This feature increases protection since it stops a malicious third-party from using the leaked credentials to log in as you. If you see the INSECURE PASSWORD error when logging in, click the link to “reset your password” via email. After that, if you need additional help, please contact web services.