How We Do Website Hosting and Security
Web Hosting Security is Paramount
As a WordPress development firm and provider of managed hosting, we have to admit the threat level is high. WordPress runs over 40% of the websites on the internet and that makes for a very large target!
The majority of website attacks are not directly targeted; in other words, the victim didn’t do anything to draw attention to themselves. Most of these attacks come from bots that traverse the web seeking software vulnerabilities they can exploit.
That said, we have experience with targeted attacks too. Work with enough political organizations, government agencies, foreign governments, and lobbying groups and you’re bound to make someone angry… but I digress.
At FatLab we run a tight ship when it comes to security. All sites hosted with us utilize and have available to them the following security features:
What Hosting Security Means to Us
Simply put, hosting security means building and maintaining a web hosting service with the latest security measures in place to protect your site. We have made some serious investments into our hosting environment and are not just reselling space on someone else’s server.
The safety and security of our clients’ websites is of the utmost importance to us. We take every measure necessary to ensure that their sites are protected from potential threats.
We regularly scan for vulnerabilities and malware, and we keep each website up-to-date with the latest security patches and software updates. We also utilize state-of-the-art real-time firewalls, hold multiple backups, and have protocols in place should a site fall victim to an attack.
Through our partnerships, we have teams of security experts who are available 24/7 to monitor our servers, network, and traffic. By utilizing the absolute latest in website security technology we are able to promise our clients that our hosting packages are as secure as possible.
We know how important it is for our clients to have a safe and secure online presence. We take pride in providing them with the best possible protection.
How We Maintain a Secured Web Hosting Environment
We have a five-point strategy to maintain a secured web hosting environment. Absolutely none of these are plugins; all are active, real-time services that are always up to date with the latest threat information.
- Web Application Firewall (WAF)
- Managed Server Security
- CMS Vulnerability Detection and Virtual Patching
- Malware Scanning and Cleanup
- Redundant Backups
A Real-Time Web Application Firewall
A web application firewall is an appliance, service, or filter that applies a set of rules to HTTP connections to a web server. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.
Additionally, they can provide virtual patching which covers known software vulnerabilities until a website owner or administrator is able to make the appropriate software updates.
A web application firewall can also help improve performance. By blocking malicious requests, the firewall prevents your servers from wasting time processing bad traffic.
Our primary Web Application Firewall (WAF) is provided by Cloudflare. Each site hosted with FatLab takes advantage of Cloudflare’s Enterprise plan.
Cloudflare WAF is a powerful security tool that helps protect your website from various online threats. It provides real-time DDoS protection, SQL injection protection, cross-site scripting (XSS) protection, and much more.
Cloudflare WAF also blocks malicious requests before they reach your server, which helps to prevent downtime and keeps your website running smoothly.
Cloudflare Enterprise provides the following services:
- Mitigation of DDoS attacks (layers 3, 4, & 7)
- Web Application Firewall (WAF) with the OWASP ModSecurity Core Rule Set, configured specifically for our hosting environment and WordPress
- Auto Renewing free SSL Certificates
- PCI DSS Compliance
Managed Server Security
FatLab is a Gold Agency partner with Cloudways and all utilized servers are dedicated to FatLab and managed on behalf of FatLab (not a cheap shared reseller plan).
Cloudways offers us and our clients security-as-a-service. This partnership provides a variety of security services, including intrusion detection and prevention, vulnerability management, and security event monitoring. Cloudways also offers a managed firewall service that helps protect customer networks from attacks.
All FatLab dedicated Servers include:
- Server Level Firewalls
The firewall allows access only to specific ports that are required for applications to function.
- Login Security
- Rate-limiting for SSH and SFTP logins
An effective method for dealing with brute-force login attacks.
- Database Security
IP-restricted access to databases, which are closed to remote access by default.
- Application Isolation
Each application (website) is isolated from the rest, thus preventing application-level issues from compromising the entire server.
- Auto Renewing SSL Certificates
- Operating System’s Security & Patching
Cloudways is powered by Debian, partly because of its strong and prompt patch management system.
- Two-Factor Authentication
Access to the Cloudways platform is protected with industry-standard Two-Factor Authentication (2FA).
- End-to-End Encryption
The Cloudways platform is fully protected with end-to-end encryption, ensuring that all data in transit is encrypted over HTTPS.
- Suspicious Device Login Control
CMS Vulnerability Detection & Virtual Patching
We monitor all hosted sites for pending software updates. If you have ever worked with WordPress then you know that it seems there is always a plugin, theme, or core update pending.
As part of our website maintenance plans your site will be updated weekly (at a minimum) and you will receive a monthly website activity report that shows you all actions taken on your site.
As part of our software monitoring program, we are made aware when any plugin, theme, or even the WordPress core has a known security vulnerability.
If a patch is available, we will take care of this for you. However, if a patch is not immediately available, our web application firewall virtually patches known security vulnerabilities. This gives us time to patch the website when an update becomes available.
Virtual patching is a security technique that can be used to mitigate known vulnerabilities until a permanent fix can be deployed. Virtual patches work by creating security filters that can be applied to an application without having to modify the code itself.
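As an added illustration (not FatLab's, Cloudflare's, or any vendor's actual rule set), the following Python shows a virtual patch as a request filter that sits in front of the application and constrains one parameter to the values the application legitimately expects, without touching the application code. The plugin path, patch IDs, and sample requests are hypothetical.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical virtual patches: each constrains one parameter of one endpoint
# to an allow-list pattern. Paths and IDs are made up for this example.
VIRTUAL_PATCHES = [
    {"id": "VP-001",
     "path": "/wp-content/plugins/example-gallery/view.php",
     "param": "id", "allow": re.compile(r"[0-9]{1,10}")},
    {"id": "VP-002",
     "path": "/wp-admin/admin-ajax.php",
     "param": "action", "allow": re.compile(r"[a-z0-9_]{1,64}")},
]


def check_request(url):
    """Return (allowed, patch_id); patch_id names the rule that blocked."""
    parts = urlsplit(url)
    # Decode and normalise the path so "/./" or "%2e" segments cannot be
    # used to make the request miss the patched endpoint.
    path = posixpath.normpath(unquote(parts.path))
    # parse_qs percent-decodes values and keeps repeated parameters as a
    # list, so every occurrence is validated, not only the first.
    params = parse_qs(parts.query, keep_blank_values=True)
    for patch in VIRTUAL_PATCHES:
        if path != patch["path"]:
            continue
        for value in params.get(patch["param"], []):
            if not patch["allow"].fullmatch(value):
                return False, patch["id"]
    return True, None


# Constructed sample requests (not real traffic).
SAMPLES = [
    "/wp-content/plugins/example-gallery/view.php?id=42",
    "/wp-content/plugins/example-gallery/view.php?id=7%20OR%201=1",
    "/wp-content/plugins/example-gallery/view.php?id=42&id=x",
    "/wp-content/plugins/example-gallery/%2e/view.php?id=1%27",
    "/wp-admin/admin-ajax.php?action=heartbeat",
    "/index.php?id=not-a-number",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, patch_id = check_request(sample)
        print("ALLOW" if allowed else f"BLOCK ({patch_id})", sample)
```

Once the plugin itself is updated, the corresponding entry is removed from the rule table; the filter is a stopgap, not a replacement for the code fix.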
Malware Scanning & Clean Up
Despite all the above security, no website is safe from malware. The bad guys are always one step ahead of the good guys and any site can be infected with malicious code that can cause serious security problems.
Website malware attacks are a serious security threat. Malicious code can be injected into a website to hijack user sessions, steal sensitive data, or redirect visitors to malicious websites. These attacks can have devastating consequences for both businesses and individual users.
Fortunately, there are steps you can take to protect your website from malware attacks. First, make sure that your website is running the latest version of all software. Second, use a security solution that includes malware scanning and removal features. Finally, keep your security solution up to date and ensure that it is properly configured.
By taking these precautions, you can help protect your website from malware attacks and keep your visitors safe.
How We Do Malware Cleanup
We hold an Agency account with Sucuri in case malware is ever found. When we report an issue with a site, Sucuri will complete the following tasks:
- Initial Baseline Scanning
The Incident Response Team immediately runs several scripts to understand your environment. If they find any vulnerable software on your server, FatLab will receive guidance on how to update it.
- Quarantine and Backup Files
They automatically log every file we touch and keep secure backups before making changes. We keep in touch with you during the cleanup and provide a complete report of everything that is found.
- Total Removal and Review
Experienced security analysts and research-driven tools keep Sucuri on top of emerging threats and security issues. Once your website is clean, we submit review requests to remove blocklists.
All of our clients have this service available to them at no additional cost. FatLab will deal with any incident as part of one of our managed WordPress maintenance and hosting plans. Call it insurance.
As anyone who has ever lost data knows, security is important. That’s why it’s critical to have multiple backups of your most important files. This strategy should be used for just about any digital content and your website is no exception.
Whether you’re backing up to a cloud service, a networked drive, or your primary web server, having multiple copies of your data ensures that you’ll always be able to access it, even if one of your backups fails.
There are many different ways to back up your data, and which one you use will depend on your needs. But regardless of how you do it, making sure you have multiple backups is the best way to protect your data against loss.
How We Do Backups (and Backups of Backups)
Our website backup plan will ensure that we can quickly and easily restore your website if it ever falls victim to an attack or otherwise is compromised. It will also give you peace of mind knowing that your website is safe and secure and that you can quickly get it back up and running if something goes wrong.
Backups also provide insurance against human error, which is by far the most common reason we have to restore backups.
At FatLab we maintain many sets of daily backups that include all files and databases:
- On Server Backups
These backups are held on the same server as your website and hold the last daily backup.
- Off Server Backups
Backups over a day old are moved to another location separate from the main web server to protect against server-side catastrophic loss. These backups are held for a minimum of one week.
- Off Server Backups Part 2
We ALSO have a third-party service that takes a completely independent backup of the website files and database daily. These are held on yet another completely different system for a minimum of 30 days (typically 90 days).