Website Security
Website security is a big deal, and we take it very seriously.
Server WAF (Web Application Firewall)
All sorts of attacks can be launched against your website, including XSS (Cross-site scripting) and SQL injection. With a server-based WAF, we can block those requests before they reach your website. Our Modsecurity WAF uses thousands of rules curated by Atomicorp.
Htaccess file
At the website level, we use a .htaccess file to block web access to files and directories that could compromise your website. It also disables access to PHP Easter eggs and protects against click-jacking.
On-site WAF
The on-site WAF is part of your website and protects against brute force and dictionary attacks. A brute force attack is when an attacker runs a script to attempt to log into your website over and over until it finds a username/password combination that works. Repeated hacking attempts will temporarily block the attacker's IP address after only a few tries.
A dictionary attack uses a list of commonly used usernames (like your email address) and passwords (like password123) for the same purpose. Like above, the WAF will temporarily block the offender's IP address.
The WAF protects the website's admin section by assigning a custom secret URL. Multiple failures to use the correct URL will temporarily block the attacker's IP address.
Multiple hacking sessions will cause the hacker's IP address to be permanently blocked.
Website Backups
We back up every website on our servers every day. No exceptions. We back up Premier and Dynamic Websites to Amazon AWS. We keep thirty days of backups ready for immediate retrieval. We retain Backups from the first of each month in AWS Glacier for six months.
Software Updates
We manage the software for all websites from a central console and quickly apply software updates, often on the day they are released. We also maintain a running database of all program changes on our websites. If your website is hacked, we can tell what files were changed and when the changes occurred. We can then restore a backup from before the hack, close the security hole and get your website back online with minimal downtime.
Security Limited Guarantee
We are so confident in our security systems that if your website is hacked due to a software vulnerability, we will fix it for free.
Back