WordPress Security Monitoring
We recently share information about hackers. If you didn’t catch it take a look here >>> What Is A Hacker & Why They Hack
As an ongoing security measure we are improving our web server and the way we monitor in real-time. Nearly all our websites have been migrated into our WordPress network and are actively monitored using the latest security tools available from our security partner, Sucuri. Below are listed the new features we’ve setup and enabled to protect our clients and ensure the websites we manage are safe gaurded.
2013 Web Security Enhancements for WordPress
Web Application Firewall (WAF)
The WAF is a unique feature that is designed to intelligently protect your sites from brute-force attacks like dictionary attacks and other similar unauthorized access attempts. When a bad IP is identified it is blacklisted in your admin dashboard. If it was an unintentional block, you have the ability to white-list access to any IP.
Why is it so unique?
The WAF is not tied to your application, it communicates with our servers and allows us to see malicious attacks across the network. When one client gets attacked by one bad IP in Croatia, we are able to push preventive measures to every plugin to protect against that IP.
This feature compares your core install against a clean version of core. In other words, if it is not a 1-to-1 match with core you will be notified of a problem.
Future add-ons include:
- Theme Integrity Checks
- Plugin Integrity Checks
- Third-party Integrity Checks
This feature is great for proactive webmasters who want to monitor their website to ensure no unauthorized access or changes are made without prior approval. Monitor your site for changes. This feature monitors for a large number of actions, including:
- Login attempts
- New Posts
- Failed Logins
- New Plugins
- File Changes
- New Users
- New Attachments
- Delete Actions (users and posts)
In our experience a high-percentage of the infections we see every day come from poor management on the end-user’s part. This feature uses common hardening measures that can be taken at any time and helps reduce infection risk.
This feature performs the following:
- Checks software core version
- Hides your version (security through obscurity)
- Upload directory protected
- Secret keys and salts created
- Configuration file hardening/location verification
- Hardening of readme file
- PHP verification