At the bottom of this blog you can read what this point by point means<\/p>\n
But surely every hosting provider offers this?<\/b><\/p>\n
If only that were true.
\nYou would think it would go without saying that all hosting companies offer this by default.
\nUnfortunately, this is not so!
\nThe reason hosting companies don’t take these actions is: <\/p>\n
- \n
- It takes more resources (and therefore money) to set up and maintain malware scans, backup servers and routines;<\/li>\n
- Additional backups also require additional server space that they prefer to sell to hosting customers.<\/li>\n
- Tailoring firewall\/modsecurity specifically to individual websites takes more time<\/li>\n
- Not every hosting company specializes in WordPress<\/li>\n<\/ol>\n
In addition, some of the work is offered as an option or left out of the subscription so that hosting can be offered inexpensively.<\/p>\n
Managed WordPress Hosting offers a solution<\/b><\/p>\n
So both end users and Web site developers have a lot on their plate when it comes to security.
\nFor the former it comes at the expense of doing business and for the designer at the expense of his or her creativity.
\nFor exactly that reason, in 2015 we started offering Managed WordPress hosting<\/span><\/a>.
\nOffering as a full-service service all the things that we ourselves as developers had been running into since 2009, but wanted to get right for my clients. <\/p>\n<\/p>\n
<\/span>Always personal contact<\/b>!<\/b><\/span><\/p>\n
So WP Provider was born out of personal need for ultimate hosting and personal contact when it matters.
\nBy and for WordPress enthusiasts.
\nAnd the latter remains manageable by offering this service only through web designers.
\nWe focus 100% on the hosting and the designer on the design for his client.
\nIf you have any questions about this.
\nFeel free to give us a call to discuss the possibilities. <\/p>\nMarco Kroon<\/p>\n
__________________________________________________________<\/b><\/p>\n
For the foodies…<\/b><\/p>\n
As promised, below is another explanation of the six key points for a secure Web site:<\/p>\n
Malware Scans<\/b><\/span> Malware stands for “malicious software” It is an extended term for malicious code that hackers use to gain unauthorized access or do damage to your WordPress website.
\nIn most cases, a bot or hacker will exploit a security vulnerability.
\nIf a plugin is no longer supported by its developers and thus no updates are released for it, it is important to take active action on it. <\/p>\nYou definitely want to prevent your website from being given an SEO penalty by Google, which is why we perform several scans at the server level including our WP eXploit scanner tool that actively scans files as they are uploaded to the server through FTP or via WordPress directly, for example.
\nIt can detect suspicious files on the server and prevent most (with the exception of zero-days (the unknown exploits) from being uploaded or executed on the server. Software & hardware based firewall<\/b><\/span> <\/b> Through our firewall solution, unused ports are closed, access to certain services is protected and logs are continuously scanned for suspicious activity such as a suspicious number of login attempts to WordPress or the email boxes.
\nIP addresses and ranges are blacklisted so that the attack is stopped.
\nIt recognizes many different attacks such as port scans, SYN floods and brute-force attacks. <\/p>\nDDoS protection<\/b><\/p>\n
If a Ddos attack is involved, sometimes this is not enough and the Ddos protection shield is enabled.
\nOur proactive, real-time monitoring capabilities effectively detect and eliminate high-volume attacks.
\nWhen we encounter a DDoS attack, DDoS Shield separates clean traffic while the attack is redirected to our DDoS scrub center.
\nWe also have Modsecurity active by default for your account which ensures that suspicious requests are filtered out immediately. <\/p>\nSecurity headers<\/b><\/p>\n
HTTP security headers are, in my opinion, a fundamental part of website security.
\nBy enabling appropriate headers at the server or application level (WordPress), you can improve the CMS’s resilience against common attacks, including cross-site scripting (XSS) and clickjacking. <\/p>\nWhen a user visits a site through their browser, the server responds with HTTP Response Headers.
\nThese headers tell the browser how to behave while communicating with the site.
\nBy applying the right security headers, you are taking a good step toward a more secure Web site. <\/span><\/p>\n<\/b>Hardened PHP<\/b><\/p>\n
WordPress recommends that the latest PHP version always be used (and so do we).
\nOf course, this is not possible in practice because, for example, custom plug-ins are written for an older PHP version or because plug-in developers have not yet rewritten their plug-ins for the latest PHP version.
\nIf an update of the PHP version is performed, the worst case scenario is that a fatal error occurs and the website can no longer be reached.
\nFor this reason, we use HardenedPHP, a way to continue using older PHP versions without compromising security. <\/p>\nVery popular versions of PHP, used in nearly 85% of all PHP sites, are no longer supported by the PHP.net community<\/a>.
\nHardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1, 7.2. <\/p>\nHardenedPHP secures old, and unsupported versions of PHP.
\nIn those old versions, including the widely used 7.2, 7.1, 7.0 and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community<\/a>.
\nHardenedPHP takes care of all this. <\/p>\nPHP represents more than 79.2% of all server-side scripts.
\nBecause of this wide application usage, PHP is constantly being exploited by hackers, leaving sites vulnerable. <\/p>\n
![\"\"](\"https:\/\/nieuw.wpprovider.nl\/wp-content\/uploads\/diagram1.1.png\")
<\/span><\/p>\n