The best defence is a good offence.
We are constantly bolstering against attacks.
Rest easy. Our business depends on your security!
Here are some of the most common questions we get about our hosting/security:
What is the backup situation?
We perform hourly backups and nightly snapshots (an archived copy of our entire server).
Amazon’s elastic block storage gives us 99.99999999% fault tolerance. Basically there is no chance that we will lose your data due to hard drive failure.
It is ridiculously replicated and backed up in the cloud.
Where are the servers?
Currently in Virginia and Oregon. We are spread across the continental US in the cloud to protect against weather, earthquake, attacks, etc.
Should there be a catastrophic event in one of these locations, we have the capability to (nearly instantly) rebuild the entire system in a separate location.
I hear that WordPress is vulnerable. What are you doing about it?
WordPress, like any website platform, is vulnerable for those who have little to no experience with website security.
Because WP makes up such a large share of the market, anyone using this platform is at risk of being attacked, but it doesn’t mean that you will be affected.
Just as your body is constantly ‘fighting’ potential attacks, so are we protecting your website.
The most common way that WP is vulnerable is through an attacker uploading malware or a virus to your site files.
What we do to protect you and our entire network from being affected by this sort of attack is:
- We constantly monitor all uploads
- We disallow PHP execution in certain upload folders accessible by attackers
- Each client is strategically isolated so that they can’t infect anyone else, should they become infected
Isolation is crucial for good security.
We isolate each user account, each folder disk space, each database, each FTP account.
We also take these additional steps to protect WordPress:
- We do not allow the username “admin”
- We scrutinize every login attempt
- We monitor every file upload
- We block PHP execution in areas that shouldn’t have it
- We take routine backups of the database and the hosting account.
Should something happen, we have hourly backups to get you back to normal in as short a period of time as possible.
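One way to express the "no PHP execution in upload folders" rule in Nginx, shown as an added example and not this host's actual configuration. The server name, document root, PHP-FPM socket path and the use of WordPress's default `wp-content/uploads` folder are assumptions.

```nginx
server {
    listen 80;
    server_name example.com;                 # placeholder name
    root /var/www/example.com/public;        # assumed document root
    index index.php;

    # Upload folder: files are served statically and never reach PHP.
    # "^~" makes nginx skip the server-level regex locations (including the
    # generic PHP handler below) for any URI under this prefix.
    location ^~ /wp-content/uploads/ {
        # Refuse script-like names outright instead of serving their source.
        # The "(?:/|$)" tail also catches requests such as
        # /wp-content/uploads/x.php/image.jpg that rely on PATH_INFO.
        location ~* \.(?:php\d?|phtml|phar)(?:/|$) {
            return 403;
        }
        try_files $uri =404;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Generic PHP handler. On its own (without the "^~" block above) this
    # regex would also match /wp-content/uploads/x.php and execute it.
    location ~ \.php$ {
        try_files $uri =404;                 # never pass a missing script to FPM
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

After a reload, a request for a `.php` file under the upload folder should return 403, while images in the same folder are still served normally.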
What about attacks like Heartbleed?
We are not hosting websites using SSL, so we were not affected by it. In other words, all the traffic running through our server is plain text.
In any case, as a precaution, the system was indeed upgraded. But we don’t really worry about this sort of attack because we are not using SSL.
From Wikipedia: Nginx uses an asynchronous event-driven approach to handling requests, instead of the Apache HTTP Server model that defaults to a threaded or process-oriented approach, where the Event MPM is required for asynchronous processing. Nginx’s modular event-driven architecture can provide more predictable performance under high loads.
We also use a Memcached cluster. We cache database objects as well as full HTML pages.
All of this means super speeds, typically with load times of less than 1 second.