Webhosting & WordPress Security 4 security measures at JohnnyVPS

Enterprise Security

1. Updated software and latest security patches

We run the latest server software and modules, installing security updates as soon as they’re released. Other hosts may be poorly managed, not installing the latest patches or cutting corners by understaffing their team and not maintaining their servers as often.

2. DDOS protection

Automatic DDOS protection on layer 3 & 4. Somebody wants to bombard our server with tons of fake requests? Let them try! Our DDOS protection prevents aggressive hackers from bringing down your site OR even slowing it down.

3. Brute force protection for WordPress

Here at JVPS, your “wp-admin” urls are automatically protected against brute force attempts. No need to waste your time/money security plugins that try to do the same. Those plugins ends up slowing down your site since they process security a the PHP level whereas we handle it at the server level.

4. Secure logins and 2-factor authentication

Every user account is given a unique username and strong password. You can also enable 2-factor authentication so no one gets into your webhosting account even if they do have your passwords. The server will automatically ban any IP with more than 5 failed attempts within a minute.

5. Automatic server backups

In the worst case scenario, we can restore the last weekly or monthly backup of the site.


YOUR security responsibility

We can only secure the server, the hosting environment, and (to some degree) the WordPress admin login. It is still [mostly] your job to secure your WordPress site!

  1. Update WordPress core, themes, and plugins – Keep everything updated to ensure you have the latest security patches on all your software. Beware that some updates may break your website’s design or functionality. In which case, it’s always handy to have a developer around to assist with upgrades!
  2. Use the latest PHP version – Go to cPanel > MultiPHP > choose the latest PHP version available. If your site fails to work with the latest PHP version, this means you have an outdated theme or plugin that wasn’t yet updated to work with the latest PHP.
  3. Use only well-coded themes and plugins – We understand non-coders cannot tell which themes and plugins are coded well or not. Fair enough. Read around, ask reviews, and speak to experienced developers. The best coded themes/plugins are not only more secure but also better performance without slowing down your site.
  4. Use unique usernames & strong passwords – Avoid obvious usernames such as “admin” or “root”. Avoid obvious passwords such as “password” or even “p@ssw0rd”, or “1234”, etc.
  5. Don’t reuse same user/passwords between your databases – Make it so that any hacker with access into one your databases cannot gain access into your other databases with the same password.
  6. Don’t reuse same passwords between WordPress and other web accounts – just about every hacker that has found any of your passwords will immediately try that password on all your other accounts using your email (email, PayPal, Amazon, ebay, Facebook).

Want to learn more about server and website security? Read more to understand website hacks.