WordPress Site Security & Hosting: Features & Implementation List
Freshy WordPress website security
Freshy takes website security seriously. Our clients' WordPress sites are secured with a combination of proactive measures, best practices, automations, and redundant fail-safes.
Below is a brief overview of some of the security features we implement.
- Jetpack has up to 1TB of real-time (per change) backups per install.
- BlogVault syncs a backup daily, stored up to 1 year.
- Hosting platform takes a backup nightly/hourly (files every 24 hours, database every hour) – stored for 30 days.
- Snapshot backups on-demand, before big changes, via All-in-One WP Migration.
Jetpack license and BlogVault connected for each new install
- Downtime monitoring (×2) with “urgent” internal workflow upon any alerts (even false positives).
- Malware detection (×2) and removal/patching for both themes and plugins with “urgent” internal workflow upon any alerts (even false positives).
- Activity log (×2) for key user actions.
- Brute-force detection (×2) to block unauthorized login attempts.
- Vulnerability detection (×2) for themes and plugins with known/published vulnerabilities.
- Plugins and themes proactively updated on a recurring basis by Freshy — via our Plugin Management plan with visual regression.
- Vulnerability, malware, and other threat monitoring at the server level, with Freshy having direct access to hosting platform admins.
Additional security measures implemented and available for Freshy client sites
- Complimentary Secure Sockets Layer (SSL) certificates powered by Let’s Encrypt.
- Managed WordPress core updates (automatically).
- PHP version bump when previous branch becomes unsupported.
- Freshy admin passwords stored in an industry-leading, enterprise-grade password safe — with access for only necessary employees — and reset annually.
- SOC (System and Organization Controls) reports and penetration testing (pen test) available for hosting platform data centers, upon request (after NDA).
- Spam prevention on forms via Akismet.
- Web application firewall (WAF) identifies, filters, and blocks malicious activity to protect against DDoS attacks as well as application-layer attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF), cookie poisoning, file inclusion, and SQL injection, among others.
- Cloudflare firewall (for DDoS protection, etc.) available for sites that have DNS managed by Freshy.
- Additional security measures and hardening available upon request/scoping (e.g., 2FA, reCAPTCHA, preventing user enumeration, changing the login URL, enforcing password strength, blocking countries, etc.).
Freshy WordPress website hosting infrastructure
Freshy hosts sites on the WordPress Cloud platform. It’s an enterprise-grade, cloud-based infrastructure built exclusively for the WordPress CMS and maintained by Automattic (the parent company of WordPress).
The hosting infrastructure is a pooled server architecture — not really a shared setup, nor a typical dedicated setup. There are pools of servers and the load is split between database servers, file servers, and web servers. The setup is fully redundant with load balancers sitting on top of each server pool. This allows for zero downtime and powerful scaling. Since moving all sites to this infrastructure in 2017, we’ve had high performance and zero downtime.
- 100% uptime of data center network.
- Automatic failover as needed, as the system monitors the network for any disruptions.
- Each site has primary and secondary servers. If a site’s primary server experiences interruptions in connectivity, connections will automatically switch to the secondary server.
- Automatic scaling and load balancing help maintain optimal performance by distributing the load across servers if traffic on your site spikes.
- Global content delivery network (CDN) allows content to load from the location closest to your audience, to minimize latency and data errors.
- Proactive monitoring of performance and memory usage by hosting platform admins, with direct communication if any issues are identified.
- Optimized servers with non-volatile memory express (NVMe) storage protocol to deliver the highest throughput and fastest response times.
- Jetpack Complete plan included to improve backups, security, and activity monitoring.
- Mailgun added to client sites for improved transactional email deliverability and monitoring (user notifications, orders, password resets, etc.).
- Collaborator access to the install — on a case-by-case basis — including SFTP access, database access via phpMyAdmin, cache control, and more.
- Staging environments available upon request/scoping.