Keeping your website plugins and themes up to date is a great base for a secure website. Unfortunately, these days there's a lot more involved in ensuring that your site is as secure as possible.
Here is more information on our service and approach to security.
The security of your site starts at the DNS level. As soon as a user/bot/visitor enters your website address, your DNS records are checked at your nameservers and the address is resolved to the IP address where your website is stored. The user is then sent to that IP address to retrieve the content.
Cloudflare is not only super-fast DNS hosting, but can also help you block unwanted traffic such as fake search engine bots and spammers. Bad traffic doesn't even reach your website, which stops it entirely from causing trouble on your server.
Hosting quality can play a huge role in how safe your website is. Shared hosting can mean that you are not only at risk from holes in your own website but at risk from holes in other people’s sites too. Server management and frequent updates are also required to plug security holes in the server.
We use UpCloud to manage our server infrastructure. Every customer has their own cloud server and IP address. Customers can pick a location from a wide range of worldwide options, so we can serve customers all over the world. Cloud hosting means the server can be scaled up depending on your needs, and resources are easy to add as your site grows.
There are a lot of elements that go into securing a site at the website level.
A Web Application Firewall at the website level is one of the last defences your site can have. Cloudflare also has a built-in WAF, which deals with requests at the DNS level before they reach your site. But plugins such as Wordfence are also awesome to have at the site level for managing brute-force attacks (repeated login attempts that try to crack the password) as well as other hardening methods not managed elsewhere.
Logging and Monitoring
To know what’s happening on a site you have to be able to monitor it and see when there is more bot traffic than usual. By monitoring bot traffic you can pre-emptively see things such as:
- Whether a plugin has a vulnerability.
- Whether a theme has a vulnerability.
- If there’s a particular username that is in danger of being cracked.
- Whether forms are getting bombarded by spam bots.
- Whether comment spam is getting out of hand and needs more security.
Logging also allows us to see what happened if something goes wrong. We can follow the trail of what users/bots did before the problem happened.
We have completely custom monitoring and remote logging so we can see issues on your website quickly and react accordingly.
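As an added illustration of the signals listed above (not this service's own monitoring code), the Python example below counts login POSTs and comment POSTs per client IP, and 404 probes per plugin or theme slug, from a web server access log. The log format, the mapping of WordPress endpoints to signals, the threshold and the constructed sample lines are all assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
198.51.100.2 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-content/plugins/example-gallery/readme.txt HTTP/1.1" 404 162
192.0.2.11 - - [10/Mar/2024:10:02:05 +0000] "GET /wp-content/plugins/example-gallery/upload.php HTTP/1.1" 404 162
192.0.2.12 - - [10/Mar/2024:10:02:09 +0000] "GET /wp-content/plugins/example-gallery/readme.txt?x=1 HTTP/1.1" 404 162
198.51.100.2 - - [10/Mar/2024:10:03:00 +0000] "GET /wp-content/plugins/contact-widget/style.css HTTP/1.1" 200 900
192.0.2.9 - - [10/Mar/2024:10:04:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
192.0.2.9 - - [10/Mar/2024:10:04:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
192.0.2.10 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-content/themes/example-theme/style.css HTTP/1.1" 404 162
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
ASSET = re.compile(r"^/wp-content/(plugins|themes)/([^/?]+)/")

def classify(method, path, status):
    """Return (signal, subject) for a request of interest, else None."""
    bare = path.split("?", 1)[0]  # ignore the query string
    if method == "POST" and bare in ("/wp-login.php", "/xmlrpc.php"):
        return ("login", None)
    if method == "POST" and bare == "/wp-comments-post.php":
        return ("comment", None)
    m = ASSET.match(bare)
    if m and status == "404":  # request for a plugin/theme file that is not installed
        kind = "plugin_probe" if m.group(1) == "plugins" else "theme_probe"
        return (kind, m.group(2))
    return None

def summarize(log_text, threshold=3):
    """Count hits per (signal, key); key is the slug for probes, else the client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        hit = m and classify(m["method"], m["path"], m["status"])
        if hit:
            counts[(hit[0], hit[1] or m["ip"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Which username is being targeted and what is being submitted through forms are not recorded in an access log; those signals need the site's own login and form logging.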
Keeping WordPress core, themes and plugins updated is a no-brainer. However, many companies don't have the time or ability to keep their site updated every week. There are also a few more issues that can crop up with updates, so it's not always easy to update sites. Read more about software updates.
Site Backup / Repair
Backups are important to have and remote backups are even better. It's also important to be able to restore backups as soon as you need them. If there's an issue with your site and the backups are on the same server, the backups may also be corrupted. There is also a danger that your backup plugin is creating new backups in a publicly accessible place.
We take daily or hourly backups of your site (depending on your plan), and can restore the backups immediately if you have any issues.
We hope this article has opened up a few of the methods you can use to secure your site. Please contact us if you’d like more information or help in securing your site.