In the last few days there has been a lot of buzz about security in the WordPress platform. In particular, we’ve seen articles that focus on WordPress websites in the banking industry and a popular plugin used by millions of WordPress websites.
Understanding WordPress
The platform Thrive has build its business around is based on open-source technology. This means anyone from around the world can add to it to make it better. We have found this to be a huge differentiator for us and our clients. The downside of this, however, is that open-source code is also available for someone to abuse.
This fact hasn’t stopped some of the biggest brands in the world from using WordPress as its primary platform. Ebay, Sony Music, The New York Times, Reuters, and TechCrunch just to name a few. In fact more than 60% of websites who use a CMS are on WordPress.
What Does Thrive Do To Protect Our Clients?
- For clients who host their sites with Thrive we offer a number of security protocols.
- Our server uses a firewall that pulls in lists of known malicious IPs daily and automatically blocks attacks from known hackers.
- We implement WordPress-specific security rules to prevent hacks.
- Our server blocks users with too many failed WordPress login attempts to deter hackers from gaining access to your site.
- Our servers always have the latest security patches in place.
- We also run regular backups to ensure that if your site is hacked, we have a backup ready to go.
- We also install advanced security plugins on each website for more secure protection.
- We have a criteria for selecting plugins we use that include recent updates, number of users, etc.(although these plugins can still be vulnerable they are far more likely to address an issue immediately)
What Actions Do We Recommend For Our Clients?
- The best way to protect yourself from attack is to keep your website and all plugins updated. We do not advise doing this yourself, however, as it may break the functionality of your site. Thrive will upgrade your system and all plugins for a one time cost of $250.
- We also advise you to host your site with Thrive, that is the only true way we can monitor and protect your website. If you are not hosted on Thrive and would like to be migrated over, please contact us for a quote.
- If you wish to remain on your current hosting provider, we recommend reaching out to them to discuss what security measures they have in place or are able to employ.
What to Do in an Emergency
Thrive does not provide 24 hour support, but many of our employees check thier email throughout nights and weekends. If you have an emergency related to a site hack you can call us at 817-642-9686 or email us at [email protected].
If you have any questions, please call us!
