Security – The CourseVector Difference
According to a Global Knowledge White Paper, 43% of companies experienced a data breach in 2014. And in 2016, Identify Force reported that data breaches increased by 40%. While some of these breaches are caused by human error, there are plenty of breaches that occur because of malicious behavior.
CourseVector understands this threat. Because your security is important to us, we work hard to provide our hosting customers with the best protection for your business.
Protection begins with our perimeter and web application firewalls. The perimeter firewall monitors all access attempts to any part of your website. This includes all logins including, WordPress, FTP, Email, etc. If malicious activity is detected, the IP address of the attacker is locked out and one of our technicians is notified in case additional corrective action is needed. The Web Application Firewall monitors all traffic to and from your website. The firewall uses a form of artificial intelligence and can detect and block security issues, even those that have not been patched. This provides peace of mind during the time when a vulnerability is discovered within your website and when the software vendor provides a patch.
We also employ dual authentication login for most of our hosting clients. Dual authentication requires a user to log in twice, using a different username and password each time. While this method can be cumbersome, it offers a second layer of protection to websites on which it is used.
- The first authentication screen is activated on a server/system level and happens before access to your actual website is permitted. This offers two benefits: First, a system level authentication can handle thousands of requests per second with little to no system draw. Therefore, attackers who attempt to “overload” a website with login attempts, never actually get to the website to create site degradation issues. Second, attackers as locked out after several attempts and one of our technicians is notified allowing us to take appropriate action. The end result is that most attacks go unnoticed by our clients.
- If, per chance, an attacker get by the first authentication, *a second firewall, added to your WordPress by our technicians, will slow and eventually block their IP address. Again, a technician is notified and the first authentication password is changed, effectively setting the attacker back to square one. Most attackers look for “low lying fruit.” Our security measures are extremely effective in that it simply takes too long to breach on of our managed websites and getting reset to square one in the middle of an attack will usually cause attackers to give up.
No Automated Maintenance
CourseVector employs a team of experts who perform WordPress maintenance on each of our Managed Hosting client sites. Because real people perform updates, it minimizes the risk of fake updates and other malicious activity.
Finally, the last line of defense is our backup policies. Your entire server is backed up, off site, every few days and archives are kept for up to 1 month. In addition, WordPress Managed Hosting comes with an automatic, one touch restore, backup that secures all WordPress files, offsite, using the Amazon S3 redundant storage system. Although no backup system is 100% guaranteed, CourseVector takes great pains to use several backup system with offsite storage, providing what we believe to be one of the most secure hosting environments available today.
Updraft is a simple and reliable website backup program that can be administer by almost any user. Installation is a breeze but proper configuration can be a bit tricky and should be monitored to make sure the software is performing as expected.
More information about the Updraft plugin can be found on their website.
This article on How to Backup & Restore Your WordPress Site with UpdraftPlus provides very simple instructions on the use of the plugin.
Of course if you are part of CourseVector’s managed hosting program then all of this is done for you as part of your hosting service.
*Although many of the above security measures are applied to all of our hosting packages, only Managed Hosting has all features and monitors enabled.
Not Ready to Switch Hosts?
We highly recommend switching to our servers. This is the only way we can offer our multi-tiered protection plan. However, if you truly wish to stay with your current host but still want to take advantage of increased security, we can provide you with some degree of protection, to include:
- Updates every 6 months.
- Comprehensive site review.
- Our security plugins.
- 24×7 monitoring.
- Periodic backups stored on our S3 servers.
Since we cannot run perimeter firewalls from another host, we will not be notified prior to an attack. On our servers with perimeter firewalls, we are notified PRIOR to an attack. In most cases, we are able to stop the attack at this point. In addition, there are often critical, unpatched vulnerabilities. For instance, someone posts a hack that allows anyone to access your website with admin privileges through a plugin or WordPress itself. CourseVector can modify the firewall, allowing us to effectively stop the vulnerability for all of our clients. Then, we can wait worry-free for the developer to publish a patch.