The State of WordPress Security

Security and performance are priorities, and they guide how I manage and host my client websites.

This is not a post I enjoy writing, because I need to figure out how to share critical information without overwhelming you with technical details.

There’s been a big “hullabaloo” happening around WordPress security the last few months, starting with a recent WooCommerce Stripe vulnerability that resulted in one site being hacked, its Stripe keys stolen, and a ton of money stolen from the site owner.

I take security very seriously, which is why all my client sites are hosted on the GridPane infrastructure, which out of the box provides more security than most other WordPress VPS managed hosting.

It’s also why I run weekly updates on my site, why I get immediate notification if there is a security vulnerability, and why if there is a security vulnerability, that plugin gets updated immediately.

The GridPane hosting infrastructure provides security at the server level via their 7G Web Application Firewall and built-in integration with Fail2Ban.

I add Cloudflare, which provides network security by protecting against DDoS attacks.

So think of it like this:

Network level -> Server level -> User level

There’s actually an additional level between server and user, file level, where GridPane also provides protection but I’ll leave that out of this conversation!

But what if a hacker gets your password?

The issue that has come to light in the last few months is mostly at the user level, as WordPress stores passwords using what is called MD5 format; this is compounded by the lack of reliable two-factor authentication (2FA) protection.

And this is where Snicco Fortress comes in to save the day!

Sure, there are other 2FA WordPress plugins, even for free, but they are easily conquered by hackers gaining access to the session cookies.

Snicco Fortress provides 4 layers of protection at the user level, ensuring no one gains access to your site. Ever!

I know it’s a lot to process, but I wanted to provide enough information so you can understand what the issue is and how Snicco solves it.

And this is why I’ve added Snicco to my hosting and maintenance toolbox.

Even if your site doesn’t process payments (via an online payment form or an e-commerce / online learning plugin), hackers gaining access to your site wouldn’t be much fun. And costly to recover from. But if you process payments on your website, hackers gaining access to your site could be a disaster!

With the addition of Snicco, the sites I host are 100% secure at every level (network, server, and user).

Guaranteed.

If something does happen to your site, I’ll take care of it. No additional cost to you.

Simply because I know they are safe and secure.

Photo by Hacker Noon on Unsplash
