Lock Down Your Websites With GridPane's Suite of Security Tools
Security is one of the most important but most misunderstood areas when it comes to WordPress. Security is layered throughout our entire platform, and we offer a significant amount of education available on the topic that is freely available.
Airtight Server Security
GridPane Servers are Securely Hardened by Default, No Maintenance Required.
GridPane servers are immediately secured upon their creation, and we’ll run security updates for you so you never have to worry about them.
- Secure SSH keyed access by default
- Strong firewalls & hardened servers
- Maldet and ClamAV Linux malware detection
- Per site/system user isolation of processes
- UFW and Fail2Ban preinstalled
Simple, Highly-Effective WordPress Security Made Easy
Fundamental WordPress security is built directly into the platform, and you can easily use options like forced routing and putting each website on its own system user to keep them isolated and secure.
A+ Grade SSL Certificates
We make provisioning A+ grade SSL certificates quick and simple. Use our Cloudflare/DNSME integrations to provision wildcard SSLs.
Secure wp-config.php
We store the wp-config.php
file one level up from the htdocs
directory to keep it hidden and protected.
Rate Limiting
Out of the box, we rate limit requests to wp-login.php and the admin-ajax endpoint, providing simple but highly effective brute force protection.
Force Routing
Avoid common exploits with forced routing so that your website can't be exploited to redirect your visitors elsewhere.
Website Isolation
Keep your individual websites isolated and secure by creating individual system users. This ensures that if one site was ever to be compromised, it cannot cross-infect any other website.
HTTP Security Headers
We implement security headers by default to ensure security vulnerabilities such as cross-site scripting and clickjacking are automatically prevented.
SFTP and SSH Only
We enforce secure server connections via SFTP and SSH only. No FTP, no exceptions.
Secure PHP by Default
New websites will always be provisioned on an up-to-date version of PHP – unless you go out of your way and manually make it otherwise.
Secure WordPress Users
Newly created websites have strong passwords by default. You also have the ability to set your own default username.
7G WAF & ModSecurity
Web Application Firewalls
All GridPane accounts get access to the highly performant 7G firewall. Developer Plus accounts also get access to a ModSec 3+ compatible WAF with the OWASP 10 ruleset already in place. Tons of customization options like country blocking, paranoia settings, individual IP white/blacklisting, and more.
These will not only help protect your website but will help you conserve resources and improve your performance.
WP Fail2Ban Integration
Fail2Ban is an intrusion prevention software framework that’s highly effective at preventing brute-force attacks. It is enabled on all GridPane servers and protects the SSH port by default. We also offer an integration with the WP Fail2Ban plugin that can keep bad bot traffic off your website by blocking it at the server level.
Bad bot traffic can be a huge resource hog on your servers, and some are outright malicious. They offer no value to you or your clients and can sometimes result in such high resource usage that it becomes the equivalent of a DoS attack.
Not only will Fail2Ban keep your websites secure against brute force attacks, but it can also keep them free of annoying, resource-hungry bot traffic, pingbacks, and comment spam.
*Panel plan and above only.
13 WordPress Hardening Measures
Lock down your site and restrict access to bots looking to identify that you’re running WordPress, and enumerate your WordPress version, admin usernames, scrape plugins and themes, and more.
*Panel plan and above only.
Disable XML-RPC in One-Click
XML RPC is an old, outdated, and insecure method of remotely posting to your WordPress website. If you’re not using it, you should disable it completely.
Block PHP Execution Outside WordPress Loop
We already block PHP execution from wp-content/uploads/*
by default, and you can further dramatically increase your websites security by enabling this hardening measure.
Block Enumeration, Scraping, and More
Additional measures include disabling username enumeration, disabling emojis and RSS, hiding your WordPress version, and blocking trackbacks, OPML linking, upgrade.php, install.php, load-scripts concatenation, and comments.
Fortress Security Plugin Integration
Don’t settle for checkbox security. Fortress provides real world protection your site in the areas most effectively handled at the plugin level, and is deeply integrated into the GridPane stack.
Two-Factor Authentication
A 2FA suite with unique defense-in-depth measures, impervious even if your entire database is compromised.
Password Security
A drop-in, argon2-based password hashing schema that will have hackers gnashing their teeth for decades instead of cracking your password hashes in hours.
Login Protection
Fortress's custom rate-limit implementation stops even the nastiest distributed, multi-IP brute force attacks in their tracks without frustrating captchas.
Session Protection
Fortress brings Fortune 500-level session hijacking and cookie-theft protection to WordPress.
Vaults & Pillars
Never store sensitive data in plain text in the database again! Secure your data with Fortress Vaults, and secure important settings in the wp_options table with Pillars.
*50 licenses included in Developer Plus and above. Sold separately all for other plans.