High Security

Managed WordPress Services: High security to keep your site safe!

If you choose a Managed WordPress Services plan, your website will be hosted with a leading WordPress hosting provider that is used by thousands of the world’s top creative businesses. High security standards are followed in order to keep your site secure, your data safe, and your mind at ease. If you would like to know more about the hosting provider and platform your site will be hosted on, please get in touch!

The terms “hosting provider” and “hosting platform” are referencing the company “Fancy Chap Inc. d/b/a Flywheel” which is used to provide the website hosting and some features included as party of the Managed WordPress Services.

A platform built on security

The hosting platform that is used to host your site was built from the ground up with security as a core pillar of not only the platform, but the hosting provider’s entire organizational culture. The hosting provider assesses how security affects code that is pushed at a micro-level, and how it affects what is being built at a macro-level. To accomplish this, a variety of teams and individuals are assigned, dedicated to reviewing, updating, and developing industry-leading security practices across every aspect of the hosting company.

SECURITY COMPLIANCE AND ASSESSMENTS

The hosting provider uses a variety of internal tests to assess security during every stage of development and throughout the organization. The provider also adheres to the security expectations set forth by a number of organizations to meet and exceed industry standards.

AUDITS

The hosting provider performs internal audits of all systems and software to ensure privacy and security standards are met and exceeded. They also work with credentialed assessors to perform external audits and determine compliance of industry security regulations.

LEGAL COMPLIANCE

The hosting provider works with legal professionals to review all security and privacy standards set forth by the organisation. These professionals collaborate with the hosting provider’s Security Team to ensure all policies comply with legal and regulatory requirements while upholding their values.

PENETRATION TESTING

The hosting provider security and development teams partner with third party security providers to conduct regular penetration and vulnerability testing on both our application and infrastructure to identify potential security or privacy concerns. Any reported incidents are then prioritized and patched by the relevant security team, engineers, and/or management.

SECURITY MONITORING

The hosting network, servers, and your websites are proactively monitored for malware infections, security breaches, and potential vulnerabilities. This monitoring includes (but is not limited to):

• Nightly scans of hosting providers network to identify known or spot potential vulnerabilities.

• Identifying and communicating identified vulnerabilities and/or security breaches to the hosting provider’s leadership and the relevant security teams.

• Individual monitoring all websites on the hosting platform.

Amazing Security. Sucuri scanning with every site!

Sucuri scanning is included on all websites! Sucuri is the leading provider of WordPress security solutions. That means your websites get the benefit of world-class malware scanning! Read more about Sucuri.

– Daily Website Malware Removal & Clean Up
– Daily Continuous Scans for Malware & Hacks
– Website Blacklist Monitoring & Removal
– Website Application Firewall
– Distributed Denial of Service Mitigation

Intelligent IP blocking

Intelligent IP address blocking on the hosting platform detects intruders and blocks them across your site within seconds. With monitor popular points of entry for hackers and immediately lock out any IP address trying to get through. These points include:

  • Failed SSH Access Attempts
  • Failed WordPress Login Attempts
  • Spam WordPress Comments
  • XMLRPC Connections

The hosting platform uses a variety of techniques to block traffic starting with preventing known malicious IP addresses from opening a session with the server, which is a very severe and immediate action. Another softer layer of security provided is a proprietary caching ban. This method detects “banned” access attempts and displays a cached page to the visitor stating that their connection has been banned. This method stops the connection at the highest layer of the service provider software stack and utilizes the fewest server resources while still presenting a user-friendly response. In the rare of occasion that a user has forgotten their password and keeps trying dozens of time in just a few minutes, they’ll see a ban page but will be presented with easy, on-screen instructions to get their IP un-banned.

Since banned IP information is shared across sites on the platform, a kind of “herd immunity” is developed to malicious actors in real time as the attacks come in. So your site’s protected from hackers before they even try to attack your site.