Is WordPress Secure?

One of our plugin vendors, WordFence, wrote a detailed post answering the question “Is WordPress Secure?” In their words: “The short answer is yes, but it does require a modest amount of work and education on the part of the site owner.” Fortunately for our hosting clients, we already do much of that work (AND MORE!) for you!

Our hosting environment runs the Plesk hosting control panel on top of Ubuntu Linux. Ubuntu, Plesk, and WordPress core and repository plugin updates are automatically installed on schedule as they become available.

Your website on our hosting benefits from several layers of protection: at the network level, the server level, and the application level. Traffic is continuously monitored by Apache ModSecurity against dynamically updated (Atomic Subscription) patterns of abuse such as brute-force login attempts, form POST abuse, excessive 404 requests, 404 requests for commonly abused filenames, etc. These automated systems then temporarily ban offending IP addresses using Fail2Ban. Repeat offenders get blocked for longer periods of time. At the application level, the WordFence security plugin monitors WordPress core files and plugins for changes from the official versions, and overlaps some of the ModSecurity functionality by blocking abusive requests that make it through the previous layers of defense. We also have monitoring systems in place (Cacti, Graylog, Watchdog, Health Monitor) that track overall server and network load levels and alert us to suspicious conditions outside the norm, so that we can inspect them manually and respond to and mitigate threats as necessary.

We take your website security seriously. If you have questions about security, please ask!
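
The detect-then-ban loop described above, sketched as an added example (not this host's configuration, and not Fail2Ban's or ModSecurity's own code): it counts failed WordPress logins and 404s per address in Apache access-log lines and doubles the ban for repeat offenders. The thresholds, the names `find_bans` and `is_strike`, and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration, not the host's real settings.
WINDOW = timedelta(minutes=5)     # look-back period for counting strikes
MAX_STRIKES = 3                   # strikes inside WINDOW that trigger a ban
BASE_BAN = timedelta(minutes=10)  # first ban; doubles for each repeat offence
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2017:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [01/Dec/2017:10:00:02 +0000] "GET /missing.png HTTP/1.1" 404 210
203.0.113.7 - - [01/Dec/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Dec/2017:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Dec/2017:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Dec/2017:10:20:00 +0000] "GET /backup.zip HTTP/1.1" 404 210
203.0.113.7 - - [01/Dec/2017:10:20:01 +0000] "GET /db.sql HTTP/1.1" 404 210
203.0.113.7 - - [01/Dec/2017:10:20:02 +0000] "GET /site.tar.gz HTTP/1.1" 404 210
""".splitlines()

def is_strike(method, path, status):
    # Assumption: a failed WordPress login POST returns 200, a successful one 302.
    failed_login = method == "POST" and path.startswith("/wp-login.php") and status == 200
    return failed_login or status == 404

def find_bans(lines):
    """Return (ip, ban_start, ban_length) tuples in log order."""
    strikes = defaultdict(list)   # ip -> strike timestamps still inside WINDOW
    offences = defaultdict(int)   # ip -> bans already served
    banned_until, bans = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, method, path, status = m.groups()
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # A banned address never reaches the site; clean requests are not strikes.
        if banned_until.get(ip, now) > now or not is_strike(method, path, int(status)):
            continue
        strikes[ip] = [t for t in strikes[ip] if now - t <= WINDOW] + [now]
        if len(strikes[ip]) >= MAX_STRIKES:
            length = BASE_BAN * 2 ** offences[ip]   # repeat offenders wait longer
            offences[ip] += 1
            banned_until[ip] = now + length
            strikes[ip] = []
            bans.append((ip, now, length))
    return bans
```

On the sample log, `find_bans(SAMPLE_LOG)` bans 203.0.113.7 twice, for 10 and then 20 minutes, and never bans the visitor with a single 404.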

WordFence Rejects Leaked Passwords

Example of WordFence Insecure Password error screen

Our hosted WordPress sites using the WordFence plugin have now been updated with a new feature that detects when an email address logs in with credentials that have previously been found in known password leaks from various sources. This feature increases protection because it stops a malicious third party from using the leaked credentials to log in as you. If you see the INSECURE PASSWORD error when logging in, click the link to “reset your password” via email. After that, if you need additional help, please contact web services.

Hosted WordPress Updated To 4.9.1

Hosted WordPress sites have been updated to the latest and greatest 4.9.1 security and maintenance release. For full details, visit https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

Hosted WordPress updated to 4.8.3

Hosted WordPress sites have been updated to the latest and greatest 4.8.3 security release. For full details, visit https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/

Hosted WordPress Updated to v4.8.2

Hosted WordPress sites have been updated to security maintenance release 4.8.2. Release notes are available at wordpress.org/news

Shared Hosting Server Maintenance 8/27

On Sunday, August 27, 2017 from 12 AM – 4 AM ET, we will be performing upgrades to our webhost6 shared hosting server. During this time, there may be brief interruptions to shared-hosting websites and/or email. We thank you for your patience as we make these upgrades.