Web Hosting Security
The CourseVector Web Hosting Security Difference
According to a Global Knowledge White Paper, 43% of companies experienced a data breach in 2014. And in 2016, Identify Force reported that data breaches increased by 40%. While some of these breaches are caused by human error, there are plenty of breaches that occur because of malicious behavior.
CourseVector understands this threat. Because your web hosting security is important to us, we work hard to provide our hosting customers with the best protection for your business.
Managed WordPress Web Hosting Security Features
Web hosting security protection begins with our perimeter and web application firewalls. The perimeter firewall monitors all access attempts to any part of your website. This includes all logins including WordPress, FTP, Email, etc. If malicious activity is detected, the IP address of the attacker is locked out and one of our technicians is notified in case additional corrective action is needed. The Web Application Firewall monitors all traffic to and from your website. The firewall uses a form of artificial intelligence and can detect and block security issues, even those that have not been patched. This provides peace of mind during the time when a vulnerability is discovered within your website and when the software vendor provides a patch.
We also employ dual authentication login for most of our hosting clients. Dual authentication requires a user to log in twice, using a different username and password each time. This method offers a second layer of protection to websites on which it is used.
The first authentication screen is activated on a server/system level and happens before access to your actual website is permitted. This offers two benefits:
- A system level authentication can handle thousands of requests per second with little to no system draw. Therefore, attackers who attempt to “overload” a website with login attempts, never actually get to the website to create site degradation issues.
- Attackers are locked out after several attempts and one of our technicians is notified allowing us to take appropriate action. The end result is that most attacks go unnoticed by our clients.
If, per chance, an attacker gets by the first authentication, a second firewall, added to your WordPress by our technicians, will slow the attack and eventually block their IP address. Again, a technician is notified and the first authentication password is changed, effectively setting the attacker back to square one.
Our web hosting security measures are extremely effective in that it simply takes too long to breach one of our managed WordPress websites and getting reset to square one in the middle of an attack will usually cause attackers to give up.
Manual WordPress Maintenance
Finally, the last line of defense is our backup policies. Your entire server is backed up, off site, every few days and archives are kept for up to 1 month. In addition, WordPress managed hosting comes with an automatic, one touch restore, backup that secures all WordPress files, offsite, using the Amazon S3 redundant storage system. Although no backup system is 100% guaranteed, CourseVector takes great pains to use several backup systems with offsite storage. We provide what we believe to be one of the most secure hosting environments available today.
Below are just a couple of the backup systems we put into place to ensure the upmost web hosting security experience.
Updraft is a simple and reliable website backup program that can be administered by almost any user. Installation is a breeze, but proper configuration can be a bit tricky and should be monitored to make sure the software is performing as expected.
More information about the Updraft plugin can be found on their website.
WPTwin works with any version of WordPress and clones all files in the website file directory. Althought these backups need to be manually run this system is etremelly effective, and fast. Before making changes to a website our technicians will first run a backup to minimize downtime should an update bring the site down.
More information about the WPTwin plugin can be found on their website.
*Although many of the above security measures are applied to all of our hosting packages, only the Managed Hosting & Dedicated Cloud Based Hosting has all features and monitors enabled.
Secure Web Forms & Secure Contact Forms
Whether collecting sensitive or non-sensitive PII (personally identifiable information), it is wise to use a secure form, as encryption at rest for this type of information may be required by law. Do not fall victim to a data breach. Use CourseVector’s web hosting security service of a secure online form to safely collect and store PII from your clients and/or customers.
What is PII (Personally Identifiable Information)?
PII, or Personal Identifiable Information, comes in two forms: sensitive and non-sensitive. Sensitive PII includes things like a social security number (whole or trunkated), driver’s license number, or account information. Non-senstive PII can include a name, address, or phone number. Non-sensitive PII can become sensitive when used in combination with other information.
Whether collecting sensitive or non-sensitive PII, it is wise to use a secure form.
How Does Secure Forms Work?
In order to use a secure online form, your website must be accessed through SSL Certificates/HTTPS. CourseVector then creates the form and send you information about how to retrieve the data collected**. When someone fills in a secure online form on your site, you will be notified. In order to access the information, you must log into the system. It’s that simple. Each form is $24 per year to host (form creation, additional users, and maintenance are extra).
**All downloaded information should be stored in an encrypted container for compliance purposes. Additionally, it is important to remember that PII (personally identifiable information) cannot be emailed as this also creates compliance issues.