Recent events are raising questions and concerns about hybrid security threats and, by extension, the security of WordPress websites. These events have also been reflected in increased questions about the security, availability and potential data breaches of the sites in our premium WordPress hosting and upkeep at Seravo.
Although denial-of-service attacks (DoS, DDoS) are commonplace worldwide, we at Seravo have also seen a significant increase in the number of DDoS attacks following Russia’s attack on Ukraine. Our previous blog post explains what denial of service attacks are and how to protect against them.
There are many ways to ensure security of a WordPress site, but with these small steps you can make a difference to how secure your site is against data breaches.
Seravo Protects Your WordPress
Seravo takes care of the functionality and security of all its customers’ WordPress sites. Thanks to recent measures we have taken, Seravo’s hosting service has become more fault-tolerant. In particular, the protection provided by data centers against DoS attacks is in key position when ensuring the availability of sites. You can always check the service status on a separate status page at status.seravo.com.
Seravo Security Guarantee
Seravo’s premium hosting also comes with a security guarantee: if your website is broken into while hosted at Seravo – despite our security measures and taking good care of your password – we will clean your site of any malicious code and get it back up and running, at no extra charge. Each site is scanned daily for any malicious code and other security threats. The SLA of responding to security breaches depends on the plan level. The levels are as follows:
- WP Pro, WP Business (and WP Mini (no longer available): next working day
- WP Corporate and WP Enterprise: four hours
All the features and differences in plans can be found on our Plans page.
Critical Security Updates Without Delay
Updates to WordPress and its plugins can sometimes cause situations where not everything works as expected. In particular, big jumps to newer versions can affect the functioning of your site, in the worst case, making it inaccessible.
At Seravo, all updates are tested before they are installed on your WordPress site, to ensure that your site is up and running and remains available at all times. The exception to these updates are security updates, which are crucial and thus always installed on your site by Seravo without delay. Security updates are typically minor but all the more important, and will not typically affect the availability of your site.
You can view the status and history of your website updates and security patches by having a look at the site logs.
Automatic Backups
Every site hosted at Seravo is automatically backed up every day. If any error or problem is detected on a site, the backup allows the site to be quickly restored to its previous state. This means that there is no risk of an intruder logging into the site and deleting important data.
How to Protect Your WordPress Site Yourself
Even if Seravo takes care of your WordPress site’s security for you and cleans up your site if it gets infected with malware, there are still measures you can take and be proactive about its security. Here are some quick steps you can take to improve ensure your WordPress site has the highest level of security and works reliably!
Protect Your Passwords
The most common cause of data breaches on WordPress sites is a password that is too weak or poorly stored. The most important thing is to make sure that all WordPress users have a password that is strong enough. The SSH passwords used by Seravo are always strong, and for WordPress user accounts, it is not possible to set a password that is way too easy to guess (such as the account username). You can read more about password protection in Seravo’s previous blog post.
When your site is hosted at Seravo, you you can use a command line tool that allows you to check if any of the users of your WordPress site has a password that is too weak:
$ wp-check-passwords
Seravo Plugin – Security
If you don’t want to use the command line tool, you can also find the same functionality – and many other security-related settings for your site – in the features of Seravo Plugin, available via the WordPress dashboard. Just log in to your site and go to Tools > Security. For more information and commands to use, see the Seravo developer guide, seravo.com/docs.
Read more about the Seravo Plugin and security settings in the Seravo Knowledge Base.
Two-Factor Authentication for WordPress
The security of your site can also be improved by using two-factor authentication (2FA) on the WordPress login page, i.e. logging in to a site is confirmed by a separate authentication code. This is a relatively simple measure to implement, and will greatly improve the security of your site. Read more in Seravo’s Knowledge Bank on how to enable 2FA on your WordPress site!
Frequently Asked Questions About WordPress Security
We have created a separate page for more technical security questions (Security FAQ). On this page you will find more information on topics such as WordPress security audits, server load balancing and the Seravo security guarantee. If you have any questions about the security of your site or anything else, or if you would like to have an external security scan performed on your site, please contact us by email, help@seravo.com.
More Steps to Improve WordPress Security
To improve the site security even further, you can also check its integrity and improve its security with a few additional steps. You can find instructions on how to do this yourself in the Seravo Knowledge Base!