WordPress is by far the world’s largest publishing platform and, therefore, also a popular target for hackers. Fortunately, WordPress is open source, and users and developers help each other to report and close security holes.
Firewalls
We have three layers of firewalls in front of all traffic to us. At the frontline is Amazon’s security groups that ensure that only traffic on accepted ports comes to our server park at all. Then we have a web firewall that stops traffic based on a rule set adapted to WordPress. This Web Firewall (WAF) is a cluster with high availability and with many machines that efficiently filter all traffic. At the back of each server there is one last bulwark where we can stop suspicious behavior.
HTTPS to everyone
We have developed a solution that allows all customers to get a free SSL certificate from Let’s Encrypt (https://letsencrypt.org/). We create the certificates and make sure they are renewed.
Standard and Tailor-made
In our shared hosting solutions, we have a standard security plan that covers most needs. However, if you have special security needs, we can tailor solutions for you. We have set up solutions for total backend and frontend separation, whitelisting of legitimate traffic, extended logging, and more. If you have a challenge, we gladly take it.
Patching of security holes
All of our systems are patched within 24 hours of new security updates. This applies to operating systems, databases, and applications. We patch WordPress and all standard plugins for customers with Total subscription and those with Own Server where this is selected. In case of any problems, we can quickly reset to a stable situation.
Surveillance
We manually monitor all publishing of security holes in WordPress templates, plugins, etc. When publishing new holes, we make sure that all our customers are secured. All logs are automatically scanned, and a summary of events that we go through manually is sent. Any suspicious events are followed up.
Backup
We take several layers of backup of our systems. Databases are completely dumped to file every night in addition to having point-in-time recovery on the servers where we can go back up to 1 minute in time. Each night, we take a snapshot of the file system and can retrieve all customers down to single files. We also regularly make complete snapshots of entire servers. So that in the event of a system crash, we can come back in as little as 5 minutes. With our backup solution, you do not need to back up your WordPress websites yourself.
Hacker Warranty
All of our customers are covered by our hacker warranty. In this warranty, we clean all traces of hacking for customers who have kept their plugins, templates, and WordPress updated to the latest versions free of charge. We will also disclose the opening the hackers came in through and close it.