Administrator login protection
One of the main entry points for hackers is your login. First, they’ll try “admin,” “administrator,” “password,” your email address, all the obvious ones, but they also have bots that will try thousands of combinations of usernames and passwords until they hit on a match. These are called “brute force attacks.” To prevent a brute force attack, our administrators use only randomly generated passwords, with combinations of caps, lowercase, numbers, special characters and symbols, and we change them frequently.
However, if you decide to set your own password, we will insist on the following, at a minimum:
- Your password MUST be at least 8 characters long.
- Your password MUST contain at least one symbol and one number.
- Your password MUST NOT relate in any way to your email address. That is, you CANNOT use anything to the left of “@” as your password.
Better to just use a randomly generated password, which we will set up for you.
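The minimum rules above, together with the random alternative, as an added Python example (not SuperPage's own code). It assumes "symbol" means ASCII punctuation, and it reads the email rule as: no match with the part left of "@" or with any piece of it that is three or more characters long.

```python
import re
import secrets
import string

MIN_LENGTH = 8
SYMBOLS = string.punctuation  # assumption: "symbol" means ASCII punctuation


def policy_violations(password, email):
    """Return the rules the password breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    # Email rule (assumed reading): compare case-insensitively against the
    # whole local part and its pieces split on . _ + -, skipping pieces
    # under 3 characters so a one-letter mailbox does not reject everything.
    local = email.split("@", 1)[0].lower()
    lowered = password.lower()
    pieces = [p for p in [local] + re.split(r"[._+\-]", local) if len(p) >= 3]
    if lowered == local or any(p in lowered for p in pieces):
        problems.append("contains part of the email address")
    return problems


def random_password(email, length=20):
    """Draw passwords from the OS CSPRNG until one passes every rule."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, email):
            return candidate


if __name__ == "__main__":
    addr = "jane.doe@example.com"  # constructed sample address
    for pw in ("jane.doe2024!", "sunflower", "Tr4vel-mug-Kettle"):
        print(repr(pw), policy_violations(pw, addr) or "accepted")
    print("generated:", random_password(addr))
```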
Only the Most Reliable Plugins
SuperPage builds sites in WordPress, the most powerful and widely supported open-source development platform. One of the very best — and worst — things about WordPress is plugins. What is a plugin? The WordPress codex says it best:
“Plugins are ways to extend and add to the functionality that already exists in WordPress. The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat. Plugins then offer custom functions and features so that each user can tailor their site to their specific needs.”
There are over 49,000 WordPress plugins, and therein lies the problem. Some plugins are highly reputable, some aren’t. Plugins that are sloppily made and rarely (if ever) updated are prime targets for hackers. In fact, poorly designed and maintained plugins are the principal means by which a hacker will gain access to your site. SuperPage only uses reliable, reputable, frequently updated, and highly rated plugins, and we never install more plugins than absolutely necessary. Further, we auto-update plugins if the plugin offers it, but if not, we regularly scan your site for updates. Finally, if a particular plugin is either no longer necessary, or becomes out of date, we delete it and find you a better one.
Database Cleanup, Caching, Performance
After pages, plugins and/or themes have been updated, we routinely clean up the database for “transient” entries. Then, we clear the cache so that all changes will be visible on all browsers, worldwide. If we notice a slowdown, which has not been determined to be the fault of the ISP (which it usually is), we run performance tests to bring your site to the quickest possible load time. Here’s more info:
- Rendering. When a page is rendered on your site, PHP and MySQL are used, so the system needs RAM and CPU to render it. If many visitors come to your site, or even if a few visitors are viewing your site simultaneously, the system uses lots of RAM and CPU, so the page is rendered more slowly. If there’s a coordinated attack from bots around the globe, your site can shut down altogether, regardless of whether or not the bad guys get in. Caching generates a static HTML file and saves it. This decreases load times significantly by reducing the need to run PHP and MySQL again for every request, it effectively allocates resources, and it can keep your site online even under severe conditions. When a new page or post is published, all cached files are deleted, which assures your visitors of the most recent information.
Each time a hacker attempts entry into your site, we’re notified. To us, these notifications are high-tech interpretations of Little Richard’s classic rock-and-roll song, “You Keep-A-Knockin’ But You Can’t Come In.” In some cases with popular sites, hackers from everywhere, Istanbul, Moscow, Singapore, Guangdong, Las Vegas, etc., will “keep-a-knockin” hundreds of times a day. We make note of all attempts, and we permanently block the bad guys’ IP addresses.
Special attention to uploads
Often, web designers forget to assign permissions for the WordPress media folder, so attackers can use it to store backdoors, etc., sometimes hidden inside image files. That’s why we always use the “disable code execution in the uploads directory” option. This option means that even if a hacker were able to upload something to this directory, which should only have media files in it in the first place, they will not be able to execute the code they put there. And we reject any plugin that uses the media folder for files.
Only the most reliable themes
A theme is a series of compatible graphical layouts with code, call it a “framework.” A theme gives a site its look and feel. Similar to plugins, themes are offered as third-party structural components for a WordPress site. And much like plugins, some themes are better than others, and bad themes are susceptible to hackers. Out-of-date and/or unreliable (buggy) themes are prime targets. SuperPage only uses the latest versions of third-party themes that are proven reliable and well-supported, and we go to extra lengths to keep them up-to-date on your behalf.
Backups and scans
Prior to performing any significant update to your site, e.g., updates to WordPress, plugins, themes, a new page, significant content changes, etc., we back up everything, on both cloud and local servers. This gives you the assurance that you can always go back to a previous version and nothing will be lost. If we get a notice that an issue has occurred on your site, critical or non-critical, we fix it immediately. Your SPI site is always up-to-date and clean as a whistle. Sorry, bad guys!