Unique Updates & Security Guarantee
We invest so heavily in security because of our clients: the businesses and organizations that rely on us. Clients whose brand and image reflect professionalism deserve zero tolerance for security incidents. We do not take this responsibility lightly. Thus we have carefully crafted the system and architecture for our server operations, both online and offline (behind the scenes).
Table of Contents
- Philosophy Behind the Security
- Unique Seravo updates
- 24/7 Monitoring, Protection, and Response
- Security Guarantee
Philosophy Behind the Security
We provide you with a custom platform built from the ground up with an uncompromising vision on security. Security is not just a technical concept for us. It is the complete package.
Secure by Default
Our platform has many default built-in techniques for security, so there is no need for any additional security plugins.
If your solution needs unique attention, you can organize a custom security test with us or a 3rd party supplier.
Not Only About Technology
Not just as IT professionals – the way we manage our entire business is what makes us a reliable partner.
No Need for Security Plugins
Our platform has built-in techniques for security, which means that our customers do not need to install any additional plugins to secure the site. Security plugins are not useful on our platform: they may slow down the site or even lead to errors.
HTTPS by Default
HTTPS protection ensures that the site information and data do not get into the hands of outsiders. A certificate is especially necessary for sites that require a client sign-in and for websites that process personal information.
Additionally, websites protected with HTTPS rank higher on Google and HTTPS is also a requirement for HTTP/2 – another feature included in all of our plans.
All of our plans include a free Let’s Encrypt certificate for your WordPress site. And while others might feature a “one-click SSL certificate” or “an easy-to-install SSL certificate,” ours is a no-click SSL certificate – we do it all for you.
Seravo.com sites are located in data centers in different locations, and as a European company we follow strict privacy laws and the General Data Protection Regulation (GDPR) of the European Union.
Our more detailed security policy can be provided if needed.
Unique Seravo Updates
All of our plans include our unique Seravo updates, which, for example, keep WordPress core, plugins and themes regularly updated through thorough testing in separate shadow environments.
Regular Updates Included in All Plans
All of our hosting and upkeep plans include regular updates for WordPress, including plugins and themes. Old software versions are vulnerable to security breaches, so keeping everything updated at all times is essential. Seravo makes sure that your website is always secure to use.
Peace of Mind for Our Customers
It’s not uncommon that site owners avoid updating their site because they are afraid that an update might break the site. Even minor updates, such as updating a plugin, might cause some functionalities to stop working. Seravo customers don’t have to worry about these side effects as our updates include comprehensive testing.
There is no bulletproof system to eliminate all issues concerning updates, but our solution will reduce the number of them considerably. What’s more critical, Seravo will own the responsibility of keeping the website functional so that our customers can focus on the essential: running their business.
Updates Are First Tested in a Shadow
Seravo updates websites regularly. In each update the following steps are taken:
- The website functionality is tested before launching the update process to ensure that there are no pre-existing errors on the site.
- A shadow copy of the production site is created.
- Minor updates are done against the shadow copy first. For example, updating WordPress core from 5.x.1 to 5.x.2 or a plugin from version 1.1 to 1.2. The shadow copy is tested after the update to make sure everything works properly and that the site is visually identical to how it was before.
- If there are any issues, the updates will be interrupted and the process will be attempted again later. Most issues will be solved with time as new versions for plugins are released.
- If no issues are found, the same minor updates will be run on the production site.
- After a successful run with the minor updates, these same steps will be repeated with any available major updates, such as updating WordPress core from 5.x to 5.y or a plugin from version 1.1 to version 2.0.
It is more likely that the update contains unwanted changes if the leap between the version numbers is significant. By making the small and large updates separately, we can ensure that at least minor updates will be applied even if we are not able to conclude the major updates.
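The staged process above, as an added sketch in Python (not Seravo's own tooling). The callbacks `site_ok`, `apply_to` and `shadow_ok`, the plugin names and the dotted numeric versions are assumptions standing in for the real test suite and update run.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Update:
    name: str       # "core", or a plugin/theme slug (constructed names below)
    current: str
    target: str

def is_minor(u):
    """Core 5.x.1 -> 5.x.2 and plugin 1.1 -> 1.2 are minor; 5.x -> 5.y and 1.1 -> 2.0 are major."""
    keep = 2 if u.name == "core" else 1   # leading version parts that must stay unchanged
    cur = [int(p) for p in u.current.split(".")]
    new = [int(p) for p in u.target.split(".")]
    return cur[:keep] == new[:keep]

def run_phase(updates, apply_to, shadow_ok):
    """Update a fresh shadow copy first; touch production only if the shadow still passes."""
    if not updates:
        return "nothing to do"
    apply_to("shadow", updates)
    if not shadow_ok():
        return "interrupted"              # left for a later attempt
    apply_to("production", updates)
    return "applied"

def update_site(available, site_ok, apply_to, shadow_ok):
    if not site_ok():                     # pre-existing errors: do not start updating
        return {"minor": "skipped", "major": "skipped"}
    minor = [u for u in available if is_minor(u)]
    major = [u for u in available if not is_minor(u)]
    result = {"minor": run_phase(minor, apply_to, shadow_ok)}
    # Major updates are attempted only after the minor run went through.
    blocked = result["minor"] == "interrupted"
    result["major"] = "skipped" if blocked else run_phase(major, apply_to, shadow_ok)
    return result

def demo():
    """Constructed run: the major update of 'shop-plugin' breaks the shadow copy."""
    log, shadow = [], {"ok": True}
    def apply_to(target, updates):
        log.append((target, [u.name for u in updates]))
        if target == "shadow":
            shadow["ok"] = all(u.name != "shop-plugin" for u in updates)
    available = [Update("core", "5.8.1", "5.8.2"), Update("seo-plugin", "1.1", "1.2"),
                 Update("shop-plugin", "1.1", "2.0")]
    return update_site(available, lambda: True, apply_to, lambda: shadow["ok"]), log

if __name__ == "__main__":
    print(demo())
```

In the constructed run the minor updates reach production while the failing major update never leaves the shadow copy, which is the outcome the separation is meant to guarantee.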
Comprehensive Testing Keeps Sites Functional
We’ll Let You Know if the Updates Require Changes
It’s worth pointing out that Seravo upkeep plans don’t include any site development. If we notice an issue that severely damages the functionality of a website and prevents us from updating it, we will notify the customer, so they can decide on how to proceed to solve the issue. Sometimes the solution might be to delete an old unused plugin or make minor code adjustments to the theme in use. It’s often a good idea to use the same developer that made the theme or website in the first place.
It’s possible to set up a Slack webhook in the WordPress admin panel to get real-time information on updates through the Seravo plugin. For checking how the past updates have succeeded, we log them in update.log, which is accessible through the WP Admin or over SSH.
We Also Update Themes and Plugins
Seravo does all updates with the WP-CLI tool. We update everything that possibly can be updated using it, including any paid plugins the customer might have, as long as they have their license keys set correctly. The update can be made with the command wp plugin update.
The natural state of software is to be continually evolving. Doing regular updates is not merely a smart thing to do but a necessity, especially regarding security updates. Seravo makes sure that both WordPress core and plugins are updated immediately after a vulnerability has been found. For example, Seravo customers got the WordPress core updates 4.9.9 and 5.0.1 less than 24 hours after their release.
Seravo shares information concerning important updates on Twitter with the account @Seravo.
We Let Our Customers Decide
Updates are a standard feature in the Seravo service to ensure the security and functionality of our customers’ websites. However, sometimes there are situations where a customer wants to have complete control of the updates. In these cases, the customer can choose to opt out of Seravo’s updates.
However, if it is necessary to update something to keep a customer’s website secure, Seravo will take care of it even if the customer has chosen to disable updates by Seravo.
If the customer wants Seravo to take care of the updates in general, but at the same time wants to prevent updates to a specific plugin, the easiest way to do this is to change the version number of the plugin in question to something substantially higher. This way, Seravo’s update system assumes that there won’t be any updates available and won’t try to update it.
Developers Can Write Tests of Their Own
Besides running our own tests as part of the update process, we also run tests written by the customer. Customers can develop custom tests to be used on their site to ensure the functionality of their most critical business processes. More information on how to develop these tests can be found in Seravo’s developer documentation. Alternatively, it is also possible to order custom tests that have been specifically designed for your website’s needs from our experts.
24/7 Monitoring, Protection, and Response
The threat is always there, but so are we! Both our systems and operators ensure that all websites always run smoothly.
Thanks to around-the-clock monitoring, Seravo can respond to issues quickly and restore websites rapidly. If any problems should occur, Seravo will know about it immediately. Our on-call systems operators will check the situation and, if possible, also fix the issue. If any action is required from the customer, they will be notified.
Monitoring Both Functionality and Security
Our monitoring system checks the websites at least every five minutes. More frequent monitoring is also possible in, for example, WP Enterprise plans.
Our monitoring keeps track of the following details:
- That the domain in use is valid, is routed correctly, and its HTTPS protection works correctly
- That the website version visible to the public works correctly based on both HTTP headers and the site content
- That the admin side of the website works correctly
Our monitoring also tracks site speed and will notify our system operators if an otherwise functional website is experiencing slow loading times.
We also regularly scan the websites on a deeper level to detect possible issues with site functionality or security. The information will be shared with the website owner through the WordPress admin panel if there is something that requires attention. In urgent cases, the customer contact person will be notified by email. We take great pride in offering excellent security services to our customers, which is essential when working with WordPress.
Technology Behind Security
We are continually developing and improving the technical side of security. Here are the critical components of the technologies we use to maximize the security of our customers:
- All sites, including WordPress core, plugins, and themes (with some limitations), are updated regularly. Security updates (for WordPress core, plugins, and PHP) are installed as fast as possible.
- We monitor and test all sites when updating them, ensuring that nothing breaks in the update process.
- All server software and operating systems are regularly updated.
- All websites and files are scanned at least once a day to notice any malware.
- We have extensive logging on the server, and thus potential security breaches can be investigated thoroughly.
- Recovery actions after a possible security leak, such as restoring backups or resetting all sessions and user passwords, are made easy.
- Automatic backups are made every night and are not dependent on the functionality of WordPress. Backups are made with a pull technique, which means that they cannot be easily destroyed. Our customers can go through the backups and restore any given backup from the previous month.
- We have offsite backups in case an entire data center is destroyed, for instance, in a fire.
- The backups cover all files and also the database. Restoring backups is tested regularly.
- Each website has its own Linux container environment. Seravo does not offer a so-called shared hosting environment.
- SSL (HTTPS) is always included in the package price.
- User credentials cannot be sent without a secure connection, and our customers always use HTTPS, SFTP, and SSH connections when logging onto the server.
- Besides DDoS protection on the network level, we also have DDoS protection on the website level, limiting the PHP load.
- Brute force attacks on passwords are made useless by restricting the number of login attempts. Our customers are advised to follow healthy password hygiene. No additional login security plugins are needed.
Our team has in-depth knowledge of both WordPress and Linux servers. We have contributed to the development of Linux and WordPress and have intimate knowledge of these technologies. We’re not only able to fix acute problems but can also craft more fundamental solutions by contributing improvements to the underlying open source software. Several of our contributions have been officially accepted upstream.
Keeping Tabs on the WordPress Ecosystem
While we keep ourselves busy with the continuous monitoring of customer sites, we keep a close eye on the WordPress ecosystem and the development of Linux and other Internet technologies. We are also a part of the WordPress hosting group and actively follow numerous sources on software security.
Thanks to all this involvement, we have tremendous insight into upcoming changes and new features and can proactively prepare our service to accommodate them.
If our client’s site gets hacked despite protection and updates, we promise to clean and restore it without any extra cost.
What differentiates Seravo from several hosting providers is that we do not offer just server space but also – and most of all – upkeep and maintenance of WordPress sites. Taking care of security is a crucial component of the upkeep process, and therefore we develop our security procedure continuously.
To prove this: if our client’s site is hacked despite protection and updates, we promise to clean and restore it without any extra cost.
I would highly recommend Seravo’s managed instances for anyone doing serious WordPress development
Vicențiu Ciorbaru
Senior software developer at MariaDB Foundation