Earlier today, online security company Wordfence posted a blog entry with five security questions you should ask your web host. You can see the post on the Wordfence website. As we looked over our security, we thought it would be helpful to answer those questions for you.
For security reasons, we’re not going to go into great detail but this is how we scored.
Are you running up-to-date versions of the following products: cPanel, operating system, caching technology, PHP, phpMyAdmin and MySQL?
Absolutely. All WordPress sites are running on PHP 7, which is recommended by WordPress. Sites with other CMSs are running on PHP 5.6. We don’t support PHP versions below 5.4. cPanel, operating system, caching, phpMyAdmin and MySQL are all the latest versions.
Are you completely isolating hosting accounts from each other? Or is it possible for one hosting account to read files in another account on the same server?
Yes and no. In that order.
Are my server logs available and how long are they kept?
You can see various logs and metrics via your cPanel account. The server logs are kept for 30 days.
How are you backing up my site and how long are backups being retained?
Sites are backed up on a daily and weekly basis and are stored securely on Amazon S3. Daily backups are retained for 7 days. Weekly backups are retained for 6 weeks. This includes all your email accounts and the server files.
Does my current hosting plan allow me to enable HTTPS?
Yes. If your site is on Server 1, the answer is yes if you purchase your own SSL certificate. If it’s on Server 4, not only is the answer yes, but we also offer FREE SSL certificates. It is vital that all e-commerce sites have SSL certificates and all our e-commerce clients are on Server 4 for that reason. We are in the process of migrating Server 1 clients to Server 4 so SSL will be available for those clients soon.
UPDATE (8 May 2017): Server 1 now supports FREE SSL certificates. We’re no longer migrating Server 1 clients to Server 4. If you’ve purchased an SSL certificate previously, just allow it to expire and the server will generate a free one automatically.
Website security has been big news recently but we find it’s something site owners aren’t too clued up on. Hopefully the answers to these security questions will prompt further questions from our current and prospective clients that we’ll be only too happy to answer.