Frequently Asked Questions
How often will my WordPress backend get updated/patched?
WordPress core file updates, theme updates, and plugin updates generally happen every Monday.
What security measures are being taken to prevent sites from getting hacked?
To prevent the server from getting hacked:
- Server firewalls are in place.
- Monitoring is in place for brute force attacks.
- If the server detects bad behavior, notifications go out and appropriate action is taken.
- Offending IP addresses are automatically blocked from accessing the server when appropriate.
- Manual monitoring and evaluation of the overall server health is undertaken monthly.
To prevent your WordPress site from getting hacked, several measures are taken:
- All new sites on the server are evaluated to ensure they are up-to-date and don't have any existing security issues.
- Good fences make good neighbors. While your neighbors' sites are held to the same high standard as yours, you also have your own environment and account that keep you separate from them. Shared servers are riskier because if your neighbor has a problem, there is a greater chance it can affect you — which is why I don't offer them.
- Keeping your core files and plugins updated is one of the most important things that can be done. Outdated versions can have known, exploitable vulnerabilities. Available updates are applied for you every 1-2 weeks.
- Additional coding measures are taken to prevent snooping.
- Additional login measures are implemented to prevent easy brute force logins.
- Malware scanning happens nightly.
What happens if I get hacked?
Unfortunately, even with security measures and best practices in place, something can still go wrong. This is why you want to be prepared in case disaster strikes.
- Nightly, weekly, and monthly backups of your site exist at all times. These are done for you automatically.
  - Daily Backups are nightly. Retention is 10 backups.
  - Weekly Backups are at the beginning of the week (Sunday). Retention is 4 backups.
  - Monthly Backups are on the 1st and 15th. Retention is 4 backups.
- If disaster strikes, a backup of your site can be pulled within minutes of notification.
- If you get hacked, a deeper evaluation of your site will begin to find the source of the problem and where security may need to be reinforced.
Do your servers provide PCI Compliance?
- Restrict database access
- Disable HTTP OPTIONS method
- Restrict access to DNS
- Upgrade to the latest version of Exim
- Disable FTP plaintext authentication
- Disable ICMP timestamp responses on Linux
- Disable IMAP plaintext authentication
- Disable POP plaintext authentication
- Disable SMTP server EXPN and VRFY commands
- Disable SMTP plaintext authentication
- Disable SSLv2, SSLv3, and TLS 1.0. The best solution is to only have TLS 1.2 enabled
- Disable TLS/SSL support for 3DES cipher suite
- Disable TLS/SSL support for DES and IDEA cipher suites
- Disable insecure TLS/SSL protocol support
- Disable TLS/SSL support for RC4 ciphers
- Disable TLS/SSL support for static key cipher suites
- Generate random Diffie-Hellman parameters
- Upgrade ISC BIND to latest version
- Use a Stronger Diffie-Hellman Group
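The TLS items in the list above can be checked against the results of a scan of your own server. The following is an added example, not part of the original FAQ or the host's tooling. It assumes the scan results are available as (protocol, cipher) pairs with OpenSSL-style cipher names; the function names and the sample data are constructed for illustration.

```python
# Added example: audit (protocol, cipher) pairs reported by a TLS scan of your
# own server against the TLS items in the checklist above.
# Assumption: cipher names use OpenSSL naming (e.g. "ECDHE-RSA-AES256-GCM-SHA384").

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0"}
# Heuristic: only these prefixes count as ephemeral key exchange ("TLS_" covers
# TLS 1.3 suites). Anonymous suites (ADH/AECDH) are not modelled separately.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_")

def cipher_findings(cipher):
    """Return the checklist items an OpenSSL-style cipher name violates."""
    name = cipher.upper()
    tokens = name.split("-")
    findings = []
    if "RC4" in tokens:
        findings.append("RC4 cipher")
    if "CBC3" in tokens or "3DES" in tokens:   # OpenSSL writes 3DES as DES-CBC3
        findings.append("3DES cipher suite")
    elif "DES" in tokens:
        findings.append("DES cipher suite")
    if "IDEA" in tokens:
        findings.append("IDEA cipher suite")
    if not name.removeprefix("EXP-").startswith(EPHEMERAL_PREFIXES):
        findings.append("static key cipher suite")
    return findings

def audit(scan):
    """Map each offending (protocol, cipher) pair to its list of findings."""
    report = {}
    for protocol, cipher in scan:
        findings = cipher_findings(cipher)
        if protocol in WEAK_PROTOCOLS:
            findings.insert(0, "insecure protocol " + protocol)
        if findings:
            report[(protocol, cipher)] = findings
    return report

SAMPLE_SCAN = [  # constructed sample, not real scan output
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "AES128-SHA"),
    ("TLSv1", "ECDHE-RSA-DES-CBC3-SHA"),
    ("TLSv1.2", "RC4-SHA"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for pair, findings in audit(SAMPLE_SCAN).items():
        print(pair, "->", "; ".join(findings))
```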
How do cPanel updates work?
How often is the server software updated?
What about Firewall and DDoS Attacks?
Where can I find SOC1 or WCDC documentation?
Where is the storage location for any data that is accumulated?
Unless customers configure transport, CDN, or other replication, all data files for your website are maintained on an Elite1726 server in the West Coast Data Center (LA) or East Coast Data Center (VA).
*Note: these items could change at any time. If PCI compliance is important to you, you should run your own server scan to determine what may be required.