Skip to main content

Security

A layered approach to security, from the server to the site to the credentials.

Secure your sites now

Overview

Security is one of the primary concerns for any website owner.  Ensuring your site is protected against attacks is one of the fundamental services we provide and one that we spent a lot time working on.

We spent a long time looking at everything that was needed to provide a secure website.  Looking at server providers, provisioning options and plugins.

There is no such thing as 100% security a shocking statement to make, but it’s true.  The only way to have a 100% secure website is to…… not have one connected to the internet.  All we can to is reduce the threat surface as much as possible and implement counter measures to make it as difficult as possible to hack a site we host.

Server Security

  • Network Firewall

    Firewalls are implemented at the provider level.  The following ports are opened:

    • Port 80 (HTTP) all IP’s
    • Port 443 (HTTPS) all IP’s
    • Port 22 (SSH) selected IP’s

    All other ports are blocked.

  • 7G Firewall

    Applied on all sites this firewall is configured to:

    • Block Bad Bots
    • Block Bad Methods
    • Block Bad Query Strings
    • Block Bad Referrers
    • Block Bad Requests
  • wpFail2Ban

    wpFail2Ban is configured at the site level and is configured to:

    • Block common usernames
    • Block user enumeration
    • Block spam
    • Guard comments
    • Guard password resets
    • Guard pingbacks

    Where possible we integrate wpFail2Ban with CloudFlare so once an IP has been blocked not only is it blocked at the CloudFlare level it is also blocked for every site we host.

  • Additional Hardening

    Through GridPane we can implement some additional hardening at the site level on the server:

    • Disable XMLRPC
    • Block wp-content php
    • Block load-scripts concatenation
    • Block comments
    • Block OPML Linking
    • Block trackbacks
    • Block install.php
    • Disable username enumeration
    • Disable RSS

Site Security

As you can see, the security of the server is very comprehensive, the next step is protect the actual site.  Our site protection methods include:

  • Updates

    Every site is kept up to date with regular updates.

  • Scanning

    Regular scanning for vulnerabilities.

  • Backups

    There is no better security than a backup.

Solid Security Pro is also installed and activated on every site.  The is there to protect the logins, while a lot of the protection is already carried out by other security measures Solid Security enforces several additional layers of protection for users:

  • Password Policy
    • Enforce strong passwords
    • Refuse Compromised passwords
  • Login Security
    • Support for Passkeys,  allowing users to login with biometrics like Windows Hello, or USB security keys
    • Passwordless logins

Additional Security Steps

That’s all the basics and more covered.  There are some additional security measures that can (and should where possible) be implemented.

  • CloudFlare

    CloudFlare is a great service and offers additional security, for free.  The security steps include:

    • Hiding the real IP of your site and server behind a proxy
    • Additional Bot protection
    • Additional DDOS protection

    Your site can even be configured to only allow connections that come via CloudFlare

  • SSO with Microsoft Entra

    Login to your site can be integrated with your login to Microsoft 365.  No passwords to remember or enter when editing your site.

  • 2FA Everywhere

    Every service we use, every service we provide is protected by 2FA.  If the service doesn’t support 2FA then we won’t use it.

Review Your Cart
0
Add Coupon Code
Subtotal
Checkout