There are no unsecure WordPress sites, only poorly upkept WordPress sites.
WordPress is the most popular content management system (CMS) in the world, mainly because it is so easy and flexible to use. The main challenges of WordPress have always been security and speed.
Security is an issue especially when a website is not upkept and actively updated. The updates should cover WordPress core as well as all themes and plugins. Typical security problems have originated from plugins that are not up-to-date.
At Seravo.com we offer the best possible hosting and upkeep for WordPress sites. Therefore our security level is as high as possible. Read further, if you want to know more about the procedures and techniques we use to make sure our customers’ sites are safe and secure.
All of our customers’ websites are under automatic monitoring all the time, 24/7. If there occurs an error on a site, our administrator on call will be informed and checks the situation immediately. We are constantly prepared to react to any security errors.
The most essential security threat for WordPress sites are automated attacks that are based on exploiting known vulnerabilities, commonly found in WordPress core and plugins. The best cure for these attacks is to use the newest secure version of WordPress and to update all used plugins regularly. We at Seravo do all of this without any extra request or cost. And we do it fast: WordPress versions 4.7.2 and 4.7.3 were installed to all of our customers within 24 hours from the security update release.
— Seravo.com (@Seravo) January 27, 2017
No need for security plugins
Our platform has built-in techniques for security, which means that our customers do not need to install any additional plugins to secure the site. Security plugins are not useful on our platform, they may slow down the site or even lead to errors.
Technology behind security
We are constantly developing and improving the technical side of security. Here are the key components of the technologies we use to maximise our customers’ security:
- All sites, including WordPress core, plugins and themes (with some limitations) are updated regularly. Security updates (both WordPress core, plugins and PHP) are installed as fast as possible.
- We monitor and test all sites when updating them, making sure that nothing breaks in the update process.
- All server software and operating systems are regularly updated.
- All sites and files are scanned at least once a day in order to notice any malware.
- We have extensive logging on the server and thus potentials security breaches can be investigated throughly.
- Recovering from possible security leaks, such as restoring backups or booting all sessions and user passwords, is made easy.
- Automatic backups every night, which are not dependant on the functionality of WordPress. Backups are made with pull-technique, which means that they cannot be easily destroyed. Our customers can go through the backups and restore any given backup from the previous month.
- We have offsite-backups in case an entire data center would be destroyed for instance in a fire.
- The backups cover all files and also the database. Restoring backups is tested regularly.
- Each website has its own Linux container environment. Seravo does not offer so-called shared hosting environment.
- SSL (HTTPS) is always included in the package price.
- User credentials cannot be sent without secure connection and our customers always use HTTPS, SFTP and SSH connections when logging onto the server.
- Besides DDOS-protection on the network level we also have DDOS-protection on the website level, which limits the PHP load.
- Brute force attacks on passwords are made useless by restricting the number of login attempts. Our customers are advised to follow normal password hygiene, no additional login security plugins are needed.
What differentiates Seravo from several hosting providers is the fact that we do not offer just server space but also – and most of all – upkeep and maintenance of WordPress sites. Taking care of security is a key component of the upkeep process and therefore we develop our security procedure constantly.
To prove this: if our client’s site gets hacked despite of protection and updates, we promise to clean and restore it without any extra cost.
Seravo.com sites are located on servers in different locations. In Finland our data centers meet the criteria of the regulations of Finnish Communications Regulatory Authority (54 B/2014 M). We are also following the General Data Protection Regulation (GDPR) by the European Union.
Our more detailed security policy can be provided if needed.