At WPX we value security, that’s why our WPX Security Team cleans Malware from websites hosted with WPX without any charges, however, there are some basic rules and standards that we want to outline for our customers.
This article outlines optimal practices and recommendations to ensure the security of your site, irrespective of its size or configuration, such as a blog, eCommerce store, membership site, etc.
Best practices for keeping your websites safe.
The security of your website is a 2-way street: WPX & YOU. Although WPX takes security very seriously, there are some things that you must do to keep your websites safe.
Here is what you can do for your website’s safety:
- Always use strong passwords for every admin account.
A strong password contains over 12 characters including numbers and special symbols.
It is important to occasionally update your passwords and not share them with anybody. Instead, create other temporary users for the people you want to work with on your site, then remove the user after the project is complete.
This site can generate complex (meaning safer) passwords for you.
- Keep your WordPress, plugins, and themes up to date.
Most of the security risks or situations that occur in websites are breaches through an outdated plugin/theme or old WordPress version.
Despite their good efforts, one unfortunate reality of WordPress plugins is that even when they are kept completely up to date, there still may be an as-yet-undiscovered vulnerability that hasn’t been patched by the vendor.
- Do NOT use cracked/nulled plugins and themes.
In most cases, they have an easy backdoor for a hacker to exploit your websites.
These kinds of plugins are also a direct violation of our Terms Of Service and may result in expulsion from WPX.
- Use the most recent PHP version for your website(s), if possible.
It is important to do so since it is yet another big step towards better security of your website, it doesn’t only affect security but speed as well.
Old PHP versions have different bugs and setbacks that are fixed with the newer ones which offer faster caching and performance for your site overall. Here you can find how you can change the PHP version of your website.
Of course, we won’t require you to be on the latest PHP version but at least on the last version that is still supported by your current themes/plugins.
What is WPX Policy in regards to infected websites and cleaning them?
WPX’s high-speed servers are completely secure to the point where even if an infection on your website occurs, main server functionality is kept intact. You can read more about what we do to protect your websites here.
As discussed above, the main reasons for WordPress sites to get hacked are old PHP versions and outdated plugins/themes – so please remember that updating these is your responsibility, NOT WPX’s.
If a website infection happens with malicious code – despite your efforts to keep the website secure – the WPX Security Team will clean your website for free.
What happens when the Security Team is cleaning your site?
- WPX’s Security Team will remove all malware code. However, during the process, WordPress Core files could be re-installed. The same goes for specific files connected to the source of infection (plugin/theme or further developed files and code).
- There are certain cases where you will need to re-install the plugin/theme if it is not working correctly after the malware cleanup (e.g. a paid plugin requiring a login to the original vendor where the plugin was purchased).
- After the malware is removed, our Security Team will provide you with additional recommendations and information on how this situation can be avoided for future reference,
For example, they will send you:
1. The source of the infection if possible to trace (where it came from);
2. Recommendations that need to be followed to protect your websites from further infection.
WPX will refuse to remove the malicious content from your website/s if:
- You refuse to follow the recommendations provided by the Security Team;
- You make us disable layers of protection provided by us such as LiteSpeed reCaptcha;
- You restore the cleaned website from an infected backup;
- You refuse to change/remove/update certain plugins/themes despite obvious vulnerabilities;
In such cases, you will be obligated to clean the malicious content from your website in 7 days by your means (e.g. via Sucuri’s paid malware cleanup service).
If the malicious code is not removed within 7 days, WPX will be forced to disable the website rendering it no longer publicly accessible.
If you have any other questions on the topic, don’t hesitate to contact the WPX Support Team via live chat (use the bottom right-hand widget) and they will respond and help within 30 seconds or less.