How We Do Website Security

Security is paramount, and as a WordPress shop and host we have to admit the threat level is high. WordPress runs over 30% of the websites on the internet, and that makes for a very large target!

99.99999 percent (I could probably add more 9’s here, but you get the idea) of website attacks are not direct targeted attacks; in other words, the victim didn’t do anything to piss someone off and become the target of malicious intent directed at them personally.

With that said, we actually have experience with that too. Work with enough political organizations, government agencies, foreign governments and grassroots/lobbying groups and you’re bound to make someone angry… but I digress.

At FatLab we run a tight ship when it comes to security. All sites hosted with us utilize and have available to them the following services:

A Real Time Web Application Firewall

This is provided through StackPath, which performs the following checks on every single inbound transaction to a website:

  • Open Web Application Security Project (OWASP) Top-10 Threat Analysis
  • DoS L7 Protection
  • CMS Specific vulnerabilities
  • Behavioral profiling
  • Inconsistency detection
  • IP Reputation
  • Anti-automation protection
  • Edge based custom rules
    We can create custom rules for any client; these rules are triggered at the firewall before traffic touches the server.
  • Auto Renewing SSL Certificates

Managed Server Security

FatLab is a Gold Agency Partner with Cloudways, and all servers we use are dedicated servers managed on behalf of FatLab (not a cheap shared reseller plan).

All servers include:

  • Server Level Firewalls
    The firewall allows access only to specific ports that are required for applications to function.
  • Login Security
    Rate-limiting for SSH and SFTP logins, an effective method of dealing with brute-force login attacks.
  • Database Security
    IP restricted access to databases, closed to remote access by default.
  • Application Isolation
    Each application (website) is isolated from the rest, preventing application-level issues from compromising the entire server.
  • Auto Renewing SSL Certificates
  • Operating System’s Security & Patching
    Cloudways is powered by Debian, partly because of its strong and prompt patch management. Their engineers regularly follow up with the Debian community to stay current on issues/vulnerabilities in Debian and patch customer servers as soon as a patch is made available.
  • Two-Factor Authentication
    Access to the Cloudways platform is protected with industry standard Two-Factor Authentication (2FA).
  • End-to-End Encryption
    The Cloudways platform is fully protected with end-to-end encryption that ensures that all data in transit is protected and encrypted with HTTPS protocol.
  • Suspicious Device Login Control

CMS Vulnerability Detection & Virtual Patching

We monitor all hosted sites for pending software updates. If you have ever worked with WordPress then you know that it seems there is always a plugin, theme or core update pending.

As part of our website maintenance plans your site will receive weekly software updates (at a minimum) and you will receive a monthly website activity report that shows you all actions taken on your site.

As part of our software monitoring program we are made aware when any plugin, theme or even the WordPress core has a known security vulnerability. If a patch is available we will take care of this for you. However if a patch is not immediately available our web application firewall virtually patches known security vulnerabilities, giving us time to patch the website when one becomes available.

Malware Scanning & Clean Up

Despite all of the above, the bad guys are always one step ahead of the good guys, and that is why we run daily malware scans on all hosted sites.

Should malware ever be found, we hold an Agency account with Sucuri. Upon reporting an issue with a site, Sucuri completes the following tasks:

  1. Initial Baseline Scanning
    The Incident Response Team immediately runs several scripts to understand your environment. If they find any vulnerable software on the server, FatLab receives guidance on how to update it.
  2. Quarantine and Backup Files
    Sucuri automatically logs every file they touch and keeps secure backups before making changes. We keep in touch with you during the cleanup and provide a complete report of everything that is found.
  3. Total Removal and Review
    Experienced security analysts and research-driven tools keep Sucuri on top of emerging threats and security issues. Once your website is clean, Sucuri submits review requests to have it removed from blocklists.

All of our clients have this service available to them at no additional costs. FatLab will deal with any incident as part of one of our managed WordPress maintenance and hosting plans. Call it insurance.

Website Backups

Lots of Backups

At FatLab we maintain many sets of daily backups that include all files and databases:

  1. On Server Backups
    These backups are held on the same server as your website and hold the last daily backup.
  2. Off Server Backups
    Backups over a day old are moved to another location, separate from the main web server, to protect against catastrophic server-side loss. These backups are held for a minimum of one week.
  3. Off Server Backups Part 2
    We ALSO have a third-party service that takes a completely independent backup of the website files and database daily. This is held on yet another completely different system for a minimum of 30 days (typically 90 days).
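To make the three retention tiers concrete, here is an added example (not FatLab's or Cloudways' code; the tier names, inventory format and sample dates are assumptions) that plans what each tier keeps or prunes under the windows described above, and flags any day in the 30-day window that no tier still holds a copy for:

```python
from datetime import date, timedelta

# Retention windows in days per tier, taken from the page: on-server holds only
# the last daily backup, off-server copies stay at least a week, and the
# independent third-party copy at least 30 days.
RETENTION_DAYS = {"on_server": 1, "off_server": 7, "third_party": 30}

TODAY = date(2024, 3, 31)  # reference date for the constructed sample


def days_ago(n, today=TODAY):
    return today - timedelta(days=n)


# Constructed sample inventory: the dates on which each tier holds a backup set.
SAMPLE = {
    "on_server": [days_ago(0)],
    "off_server": [days_ago(n) for n in range(1, 10)],           # two past 7 days
    "third_party": [days_ago(n) for n in range(35) if n != 12],  # one day missed
}


def plan_retention(snapshots, today=TODAY):
    """Return {tier: {"keep": [...], "prune": [...]}}, dates newest first."""
    plan = {}
    for tier, limit in RETENTION_DAYS.items():
        keep, prune = [], []
        for taken in sorted(snapshots.get(tier, []), reverse=True):
            age = (today - taken).days
            if age < 0:
                raise ValueError(f"{tier}: backup dated in the future: {taken}")
            if tier == "on_server":
                # Only the newest set stays on the web server; anything older
                # is a candidate for the move to off-server storage.
                (keep if not keep else prune).append(taken)
            else:
                (keep if age <= limit else prune).append(taken)
        plan[tier] = {"keep": keep, "prune": prune}
    return plan


def missing_days(snapshots, today=TODAY, window=30):
    """Days in the last `window` days that no tier holds a backup for; a gap
    flags a missed or lost daily backup and should block any pruning."""
    held = {d for dates in snapshots.values() for d in dates}
    return [today - timedelta(days=n) for n in range(window)
            if today - timedelta(days=n) not in held]
```

Run `missing_days` before acting on a `plan_retention` result: pruning the older off-server or third-party copies is only safe while every day in the window still exists somewhere.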