At WPX we value security, that’s why our WPX Security Team cleans Malware from websites hosted with WPX without any charges, however, there are some basic rules and standards that we want to outline for our customers.
In this article, we will point out the best practices and recommendations for keeping your site/s safe, regardless of their size or configuration (e.g. blog, eCommerce store, membership site, etc.).
Best practices for keeping your websites safe.
The security of your website is a 2-way street: WPX & YOU. Although WPX takes security very seriously, there are some things that you must do to keep your websites safe.
Here is what you can do for your websites’ safety:
- Always use strong passwords for every admin account.
- Keep your WordPress, plugins, and themes up to date.
- Do NOT use cracked/nulled plugins and themes.
- Use the most recent PHP version for your websitе(s) (if possible).
Of course, we won’t require you to be on the latest PHP version but at least on the last version that is still supported by your current themes/plugins.
What is WPX Policy in regards to infected websites and cleaning them?
WPX’s high-speed servers are completely secure to the point where even if an infection on your websites occurs, main server functionality is kept intact. You can read more about what we do to protect your websites here.
As discussed above, the main reasons for WordPress sites to get hacked are old PHP versions and outdated plugins/themes – so please remember that updating these is your responsibility, NOT WPX’s.
If a website infection happens with malicious code – despite your efforts to keep the website secure – the WPX Security Team will clean your website for free.
What happens when the Security Team is cleaning your site?
- WPX’s Security Team will remove all malware code. However, during the process, WordPress Core files could be re-installed. The same goes for specific files connected to the source of infection (plugin/theme or further developed files and code).
- There are certain cases where you will need to re-install the plugin/theme if it is not working correctly after the malware cleanup (e.g. a paid plugin requiring a login to the original vendor where the plugin was purchased).
- After the malware is removed, our Security Team will provide you with additional recommendations and information on how this situation can be avoided for future reference,
WPX will refuse to remove the malicious content from your website/s if:
- You refuse to follow the recommendations provided by the Security Team;
- You make us disable layers of protection provided by us such as LiteSpeed reCaptcha;
- You restore the cleaned website from an infected backup;
- You refuse to change/remove/update certain plugins/themes despite obvious vulnerabilities;
If you have any other questions on the topic, don’t hesitate to contact the WPX Support Team via live chat (use the bottom right-hand widget) and they will respond and help within 30 seconds or less.