Web Hosting Security is Paramount

As a WordPress development firm and provider of managed hosting, we have to admit the threat level is high. WordPress runs over 40% of the websites on the internet, making for a very large target!

Most website attacks are not directly targeted; in other words, the victim did nothing to draw attention to themselves or to become a target of malicious intent. Most website attacks come from bots that traverse the web seeking software vulnerabilities they can exploit.

That said, we have experience with targeted attacks too. Work with enough political organizations, government agencies, foreign governments, and lobbying groups, and you’re bound to make someone angry… but I digress.

At FatLab, we run a tight ship when it comes to security. All sites hosted with us utilize and have available to them the following security features:

What Hosting Security Means to Us

Simply put, hosting security means building and maintaining a web hosting service with the latest security measures to protect your site. We have made serious investments into our hosting environment and are not just reselling space on someone else's server.

The safety and security of our clients' websites are of the utmost importance to us. We take every measure necessary to protect their sites from potential threats.

We regularly scan for vulnerabilities and malware and keep each website up-to-date with the latest security patches and software updates. We also utilize state-of-the-art real-time firewalls, hold multiple backups, and have protocols in place should a site become a victim of an attack.

Through our partnerships, we have teams of security experts available 24/7 to monitor our servers, network, and traffic. By utilizing the absolute latest in website security technology, we are able to promise our clients that our hosting packages are as secure as possible.

We know how important it is for our clients to have a safe and secure online presence. We take pride in providing them with the best possible protection.

How We Maintain a Secured Web Hosting Environment

We have a five-point strategy to maintain a secure web hosting environment. None of these are plugins; they are all active, real-time services that are always up to date with the latest threat information possible.

  1. Web Application Firewall (WAF)
  2. Managed Server Security
  3. CMS Vulnerability Detection and Virtual Patching
  4. Malware Scanning and Cleanup
  5. Redundant Backups

A Real-Time Web Application Firewall

A web application firewall is an appliance, service, or filter that applies rules to HTTP connections to a web server. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

Additionally, they can provide virtual patching covering known software vulnerabilities until a website owner or administrator can make the appropriate software updates.

A web application firewall can also help improve performance. By blocking malicious requests, the firewall prevents your servers from wasting time processing bad traffic.

Cloudflare Enterprise

Cloudflare provides our primary Web Application Firewall (WAF). Each site hosted with FatLab takes advantage of Cloudflare's Enterprise plan.

Cloudflare WAF is a powerful security tool that helps protect your website from various online threats. It provides real-time DDoS protection, SQL injection protection, cross-site scripting (XSS) protection, and much more.

Cloudflare WAF also blocks malicious requests before they reach your server, which helps to prevent downtime and keeps your website running smoothly.

Cloudflare Enterprise provides the following services:

Managed Server Security

FatLab is a Gold Agency partner with Cloudways, and all utilized servers are dedicated to FatLab and managed on behalf of FatLab (not a cheap shared reseller plan).

Cloudways offers us and our clients security-as-a-service. This partnership provides various security services, including intrusion detection and prevention, vulnerability management, and security event monitoring. Cloudways also offers a managed firewall service that helps protect customer networks from attacks.

All FatLab dedicated servers include:

  • Server Level Firewalls
    The firewall allows access only to specific ports required for applications to function.
  • Login Security
  • Rate-limiting for SSH and SFTP logins
    An effective method for dealing with brute-force login attacks.
  • Database Security
    IP-restricted access to databases, which are closed to remote access by default.
  • Application Isolation
    Each application (website) is isolated from the rest, thus preventing application-level issues from compromising the entire server.
  • Auto Renewing SSL Certificates
  • Operating System’s Security & Patching
    Cloudways is powered by Debian, partly because of the strong and prompt patch management system.
  • Two-Factor Authentication
    Access to the Cloudways platform is protected with industry-standard Two-Factor Authentication (2FA).
  • End-to-End Encryption
    The Cloudways platform is fully protected with end-to-end encryption that ensures that all data in transit is protected and encrypted with HTTPS protocol.
  • Suspicious Device Login Control

CMS Vulnerability Detection & Virtual Patching

We monitor all hosted sites for pending software updates. If you have ever worked with WordPress, you know there is always a plugin, theme, or core update pending.

As part of our website maintenance plans, your site will be updated weekly (at a minimum), and you will receive a monthly website activity report showing all actions taken on your site.

As part of our software monitoring program, we know when any plugin, theme, or WordPress core has a known security vulnerability.

We will take care of this if a patch is available. However, if a patch is not immediately available, our web application firewall virtually patches for known security vulnerabilities. This gives us time to patch the website when an update becomes available.

Virtual patching is a security technique that can mitigate known vulnerabilities until a permanent fix can be deployed. Virtual patches create security filters that can be applied to an application without modifying the code itself.

Malware Scanning & Clean Up

Despite all the above security, no website is safe from malware. The bad guys are always one step ahead of the good guys, and any site can be infected with malicious code that can cause serious security problems.

Website malware attacks are a serious security threat. Malicious code can be injected into a website to hijack user sessions, steal sensitive data, or redirect visitors to malicious websites. These attacks can have devastating consequences for both businesses and individual users.

Fortunately, there are steps you can take to protect your website from malware attacks. First, ensure that your website runs the latest version of all software. Second, use a security solution that includes malware scanning and removal features. Finally, keep your security solution updated and ensure it is properly configured.

Taking these precautions can help protect your website from malware attacks and keep your visitors safe.

How We Do Malware Cleanup

We hold an Agency account with Sucuri in case malware is ever found. Upon reporting any issue with a site, Sucuri will complete the following tasks:

  1. Initial Baseline Scanning
    The Incident Response Team immediately runs several scripts to understand your environment. If they find any vulnerable software on your server, FatLab will receive guidance on how to update it.
  2. Quarantine and Backup Files
    They automatically log every file we touch and keep secure backups before making changes. We keep in touch with you during the cleanup and provide a complete report of everything that is found.
  3. Total Removal and Review
    Experienced security analysts and research-driven tools keep Sucuri on top of emerging threats and security issues. Once your website is clean, we submit review requests to remove blocklists.

Our clients have this service available to them at no additional cost. FatLab will deal with any incident as part of one of our managed WordPress maintenance and hosting plans. Call it insurance.

Website Backups

As anyone who has ever lost data knows, security is important. That's why having multiple backups of your most important files is critical. This strategy should be used for just about any digital content; your website is no exception.

Whether you're backing up to a cloud service, a networked drive, or your primary web server, having multiple copies of your data ensures that you'll always be able to access it, even if one of your backups fails.

There are many different ways to back up your data; which one you use will depend on your needs. But regardless of how you do it, ensuring multiple backups is the best way to protect your data against loss.

How We Do Backups (and Backups of Backups)

Our website backup plan will ensure that we can quickly and easily restore your website if it ever falls victim to an attack or otherwise is compromised. It will also give you peace of mind knowing that your website is safe and secure and that you can quickly get it back up and running if something goes wrong.

Backups help to protect your website from security threats and will ensure that we can quickly and easily restore it if something goes wrong. Backups also provide insurance against human error. Human error is the most common reason we have to restore backups.

At FatLab, we maintain many sets of daily backups that include all files and databases:

  1. On Server Backups
    These backups are held on the same server as your website and hold the last daily backup.
  2. Off Server Backups
    Backups over a day old are moved to another location separate from the main web server to protect against server-side catastrophic loss. These backups are held for a minimum of one week.
  3. Off Server Backups Part 2
    We ALSO have a third-party service that takes a completely independent backup of the website files and database daily. These are held on yet another completely different system for a minimum of 30 days (typically 90 days).