Web Hosting Security
The CourseVector Web Hosting Security Difference
According to a Global Knowledge White Paper, 43% of companies experienced a data breach in 2014. And in 2016, Identify Force reported that data breaches increased by 40%. While some of these breaches are caused by human error, there are plenty of breaches that occur because of malicious behavior.
CourseVector understands this threat. Because your web hosting security is important to us, we work hard to provide our hosting customers with the best protection for your business.
Managed WordPress Web Hosting Security Features
Web hosting security protection begins with our perimeter and web application firewalls. The perimeter firewall monitors all access attempts to any part of your website. This includes all logins including WordPress, FTP, Email, etc. If malicious activity is detected, the IP address of the attacker is locked out and one of our technicians is notified in case additional corrective action is needed. The Web Application Firewall monitors all traffic to and from your website. The firewall uses a form of artificial intelligence and can detect and block security issues, even those that have not been patched. This provides peace of mind during the time when a vulnerability is discovered within your website and when the software vendor provides a patch.
We also employ dual authentication login for most of our hosting clients. Dual authentication requires a user to log in twice, using a different username and password each time. This method offers a second layer of protection to websites on which it is used.
The first authentication screen is activated on a server/system level and happens before access to your actual website is permitted. This offers two benefits:
- A system level authentication can handle thousands of requests per second with little to no system draw. Therefore, attackers who attempt to “overload” a website with login attempts, never actually get to the website to create site degradation issues.
- Attackers are locked out after several attempts and one of our technicians is notified allowing us to take appropriate action. The end result is that most attacks go unnoticed by our clients.
If, per chance, an attacker gets by the first authentication, a second firewall, added to your WordPress by our technicians, will slow the attack and eventually block their IP address. Again, a technician is notified and the first authentication password is changed, effectively setting the attacker back to square one.
Our web hosting security measures are extremely effective in that it simply takes too long to breach one of our managed WordPress websites and getting reset to square one in the middle of an attack will usually cause attackers to give up.
Manual WordPress Maintenance
Finally, the last line of defense is our backup policies. Your entire server is backed up, off site, every few days and archives are kept for up to 1 month. In addition, WordPress managed hosting comes with an automatic, one touch restore, backup that secures all WordPress files, offsite, using the Amazon S3 redundant storage system. Although no backup system is 100% guaranteed, CourseVector takes great pains to use several backup systems with offsite storage. We provide what we believe to be one of the most secure hosting environments available today.
Below are just a couple of the backup systems we put into place to ensure the upmost web hosting security experience.
Updraft is a simple and reliable website backup program that can be administered by almost any user. Installation is a breeze, but proper configuration can be a bit tricky and should be monitored to make sure the software is performing as expected.
More information about the Updraft plugin can be found on their website.
WPTwin works with any version of WordPress and clones all files in the website file directory. Althought these backups need to be manually run this system is etremelly effective, and fast. Before making changes to a website our technicians will first run a backup to minimize downtime should an update bring the site down.
More information about the WPTwin plugin can be found on their website.
*Although many of the above security measures are applied to all of our hosting packages, only the Managed Hosting & Dedicated Cloud Based Hosting has all features and monitors enabled.
Secure Web Forms & Secure Contact Forms
Whether collecting sensitive or non-sensitive PII (personally identifiable information), it is wise to use a secure form, as encryption at rest for this type of information may be required by law. Do not fall victim to a data breach. Use CourseVector’s web hosting security service of a secure online form to safely collect and store PII from your clients and/or customers.
What is PII (Personally Identifiable Information)?
PII, or Personal Identifiable Information, comes in two forms: sensitive and non-sensitive. Sensitive PII includes things like a social security number (whole or trunkated), driver’s license number, or account information. Non-senstive PII can include a name, address, or phone number. Non-sensitive PII can become sensitive when used in combination with other information.
Whether collecting sensitive or non-sensitive PII, it is wise to use a secure form.
How Does Secure Forms Work?
In order to use a secure online form, your website must be accessed through SSL Certificates/HTTPS. CourseVector then creates the form and send you information about how to retrieve the data collected**. When someone fills in a secure online form on your site, you will be notified. In order to access the information, you must log into the system. It’s that simple. Each form is $24 per year to host (form creation, additional users, and maintenance are extra).
**All downloaded information should be stored in an encrypted container for compliance purposes. Additionally, it is important to remember that PII (personally identifiable information) cannot be emailed as this also creates compliance issues.
Encrypted hosting adds a layer of protection by encrypting website data at rest. Encrypted backups protect your website data in the event someone tries to steal the data physically. Even if someone makes off with the drive on which website data is stored, the data is encrypted making it much harder to steal. The data never appears on the disk in plaintext.
Encrypted Messaging System
Online safety and PII protection is essential in today’s tech world. CourseVector offers an encrypted messaging system designed to protect sensitive information when being sent or received through our messaging system. Our encrypted messaging system can be custom tailored to match your website colors and logos providing you with a professional and custom look.
Information encryption is known as the process of encoding information in a way that only authorized parties can access it. With our encrypted messaging service information such as passwords and other personal identifiable information (PII) is encrypted to ensure privacy and avoid unauthorized access. Once a message has been received and opened, our encrypted messaging system will ‘self destruct’ to ensure privacy.
Creating and sending the encrypted message.
The email that is sent with a link to the encrypted message.
Displaying the encrypted message.
Encrypted Messaging System Costs
Initial Setup Fee: $60.00
Management Fee: $120.00 a year
Management Fee: $120.00 a year