At WalkerTek, we run many WordPress sites, from small to large and from low traffic to very high traffic. Over the years of hosting WordPress, many clients have come to us because their site had been hacked. While there is no guarantee your site won’t be hacked, here we outline some of the things we recommend to minimize the possibility.
The most important thing you can do is to ensure your site is up to date with the latest security patches. Along with this, you must ensure your users have strong passwords. There are many bots on the internet that do brute-force password checking. If one of your users has a weak password, it will surely be a target.
Some of the things we do to ensure your site is protected:
- The site source code files are stored in git, which allows us to detect any unauthorized changes
- Regular updates of all WordPress sites through our proprietary system
- Daily offsite backups
- Redundant, replicated databases
- Capacity monitored by Elastic, Filebeat, Logstash and Kibana
- IP blocking after multiple failed login attempts to prevent brute-force password scans
- Ensuring directories accessible to the web server have .htaccess files blocking unauthorized file uploads or PHP execution
- Site and server monitoring via Nagios
- Server and browser caching
- SSL on a load balancer which includes DoS/DDoS mitigation (also recommended for SEO)
- Server capacity planning
- Development versions of your site for reviews and updates
- Regular site scanning for vulnerabilities
- CDNs for the fastest site possible
We take hosting seriously and want to provide the maximum value for our clients. While there may be cheaper solutions, we believe that your business depends on your website and it is worth the investment to ensure it’s reliable and available when you or your clients need it.