We’re looking for the bad guys…

…and thooded hacker, a real bad guyhey’re everywhere. They lurk in the deepest darkest dungeons of the internet, and they’re looking for you. You may think your site isn’t one of their targets, but think again. The bad guys have arsenals of sophisticated tools and techniques, they know all about vulnerabilities, and they’re always looking for new ways to get into web sites and wreak havoc. But Superpage is prepared to stop them. We have tools and techniques of our own. If your site has been designed and built by us, you’re safe. Guaranteed. We’re looking out for our customers 24/7, and if a potential vulnerability is spotted, our system alerts us, and the vulnerability is fixed immediately. Hacking of all sorts is on the rise, and that includes everyone from that little creep in his/her parent’s basement to sophisticated troll factories in Russia, China, and North Korea. Bottom line: It’s essential that you protect the investment you’ve made in your site, not to mention your reputation. Otherwise, it’s likely that the bad guys will find you. Believe it!

OK, suppose you decide not to protect your site, or neglect security altogether? Two things will invariably happen: 1) Without a doubt, sooner or later your site will get hacked, and then, the bad guys will do whatever they want with it. On top of that, 2) Google will add the infamous “This site may be hacked” statement, or block your site altogether, which stops potential customers from visiting your site, tantamount to removing you altogether, so that nobody will find you anyway. Once you’re hacked, they’ll never let you go, unless you’re willing to spend thousands to put things right again. So, be smart, build or migrate your site to SuperPage, and we’ll defend you from the bad guys.

Standard Security With All Website Design Plans:

  • Dedicated IP. No way that resources on a shared server can seep into your site.
  • Firewall. Hosted WAF stops malicious traffic before it reaches your site.
  • Malware Scanning. Continuous scans
  • SSL Is Included. Unlike other hosting companies, a secure socket layer is an extra fee.
  • Quarantined Files Notice. Suspicious files can be temporarily locked out, retrievable on notice.
  • Country Blocking. Blocks countries that are clearly engaging in malicious activity.
  • Live Traffic Monitoring. 24 hour monitoring for malware.
  • Antibot Firewall. An ever-growing list of bots that are stopped before getting into your site.
  • Custom IP List. The ability for you to lock out IPs.
  •  Mask Login Protection. Another way to keep users away from your site, or work in progress.
  • Google reCAPTCHA.  Standard means of confirming that a visitor is real and not a bot.
  • CleanTalk Anti-Spam . We include this feature at no cost because of its amazing ability to detect and stop spam.
  • 2FA (optional, no extra cost)
  • Protection From Brute Force Attacks. Hackers are locked out after a set number of failed attempts at usernames and passwords. In addition, they are prevented from gaining information about which usernames may exist on your system.

Additional Included Security:

  • Check if Site IP is Generating Spam. Feeling ignored? Your emails might be trapped. Your legitimate customer emails can be caught in spam filters if another site on your shared IP address is generating a lot of spam. We will use this feature to confirm that your site is running on a clean IP address, and that the shared IP you are using to host your website is not listed as a known source of spam email.
  • Check if Site is Spamvertised. More than a pain, spam is destructive. When your website URL is being used for spamvertising, it can severely impact your SEO rankings and email deliverability. Worst case: Your site will be deleted altogether from the web. Defender Pro checks if your website URL has been flagged for spamvertising, indicating that your site may have been compromised or that you are emailing too aggressively. If spamvertising is found on your site, SuperPage will dig in and destroy the offending pages, which are invisible to most designers, but not us.
  • File Editor Protection. WP comes with a file editor built into the system. This means that anyone with access to your login information can further edit your plugin and theme files and inject malicious code. Defender Pro disables the file editor.
  • Trackbacks and Pingbacks Protection. Pingbacks notify a website when it has been mentioned by another website, like a form of courtesy communication. Ostensibly, a good thing, however, these notifications can be sent to any website willing to receive them, opening you up to DDoS attacks, which can take your website down in seconds and fill your posts with spam comments. Trackbacks and pingbacks are disabled.
  • XML RPC Protection. XML-RPC is a system that allows you to post on your WP blog using popular weblog clients like Windows Live Writer. Technically, it’s a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism. If you are using the WP mobile app, want to make connections to services like IFTTT, or want to access and publish to your blog remotely, then you need XML-RPC enabled, otherwise it’s just another portal for hackers to target and exploit.
  • User Enumeration Protection. One of the more common methods for bots and hackers to gain access to your website is to find out login usernames and brute force the login area with tons of dummy passwords. The hope is that one the username and password combos will match, and viola – they have access (you’d be surprised how common weak passwords are!). There are two sides to this hacking method – the username and the password. The passwords are random guesses, but (unfortunately) the username is easy to get. Simply typing the query string ?author=1, ?author=2 and so on, will redirect the page to /author/username/ – bam, the bot now has your usernames to begin brute force attacks with. This security tweak locks down your website by preventing the redirect, making it much harder for bots to get your usernames.
  • PHP Execution Prevention. By default, a plugin/theme vulnerability could allow a PHP file to get uploaded into your site’s directories and in turn execute harmful scripts that can wreak havoc on your website. Defender Pro prevents this altogether by disabling direct PHP execution in directories that don’t require it.
  • X-Content-Type-Options Security Header Enforced. The X-Content-Type-Options header is used to protect against MIME sniffing attacks. The most common example of this is when a website allows users to upload content to a website, however the user disguises a particular file type as something else. This can give them the opportunity to perform cross-site scripting and compromise the website. Defender Pro enforces the “nosniff” X-Content-Type-Options to prevent MIME type sniffing attacks. Defender Pro also provides several Security Header options to prevent attempted attacks.