Managed WordPress Hosting
What is Managed WordPress Hosting?
Behind every successful website is a powerful hosting provider, and WordPress sites are no exception! If you want your website to have blazing-fast performance, rock-solid security, and stop causing you and your team headaches, you need to move it to a managed WordPress host
Most hosting companies offer some type of support, but with a managed WordPress provider, you can trust that their support team fully understands WordPress. And not only understand it, but are experts in it.
This means they’ll be able to recognize the difference between a potential plugin conflict, a tricky theme, or a server-level issue. They’ll know exactly what settings a WordPress site needs to run at optimal performance. And they’ll have reputable recommendations if you have other WordPress-related questions.
Because a managed hosting provider is focused on a single CMS, the people behind the product will be more experienced in it and able to help with a wide variety of WordPress questions. That’s not to say you can’t find great support with other types of hosts, but your odds are a little better when working with a company that knows WordPress inside and out.
Plus, managed hosts tend to prioritize the support they offer their customers, meaning you’ll find things like 24/7 chat, in-app ticketing, or community forums. Using a managed WordPress host is kind of like having an outsourced IT department full of experts that you can tap into at any time. A pretty nice perk when you’re running a business!
Free SSL with managed WordPress Hosting
What is a SSL?
What is SSL? SSL stands for Secure Sockets Layer, an encryption technology that was originally created by Netscape in the 1990s. SSL creates an encrypted connection between your web server and your visitors’ web browser allowing for private information to be transmitted without the problems of eavesdropping, data tampering, and message forgery.
To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on your web server. When a web browser is using an SSL certificate it usually displays a padlock icon but it may also display a green address bar. Once you have installed an SSL Certificate, you can access a site securely by changing the URL from http:// to https://. If SSL is properly deployed, the information transmitted between the web browser and the web server (whether it is contact or credit card information), is encrypted and only seen by the organization that owns the website.
Millions of online businesses use SSL certificates to secure their websites and allow their customers to place trust in them. In order to use the SSL protocol, a web server requires the use of an SSL certificate. SSL certificates are provided by Certificate Authorities (CAs).
Is my site an e-commerce site that collects credit card information?
For most e-commerce sites, you absolutely need an SSL certificate! As an online merchant, it is your responsibility to make sure the information you collect from your customers is protected. This will shield you and your customers by making sure that no one can intercept and misuse their credit card information.
Your customers are providing you with very important and personal information that allows access to their hard earned money. If an identity thief gets access to your customer’s credit card information because you didn’t take the necessary precautions, it can be devastating to you and to your customer. Your customers need to know that you value their security and privacy and are serious about protecting their information. More and more customers are becoming savvy online shoppers and won’t buy from you if you don’t have an SSL certificate installed.
If you accept credit card information and store it in a database so you can process it using an offline POS machine or charge it manually on your merchant account’s website, then you definitely need an SSL certificate to secure the credit card data as it is transferred. You also need to be very careful with the data when it is stored on your servers. Learn more about PCI Compliance and SSL and the requirements of protecting stored credit card information.
How we protect your wordpress site
WordPress core files are locked down
One of the great things about WordPress is that everything is built around the same core software. This allows plugin and theme authors to create awesome tools and designs that can be used by anybody running WordPress.
One of the not-so-great things about WordPress is that the same core that makes plugin and theme development easy can also make spreading malware easy. Hackers love code shared by a large number of people since it allows their malicious changes to one piece of software to then to achieve wide-spread damage. What better place to make these kinds of changes than in the set of files every WordPress site is guaranteed to have: the WordPress core?
On Flywheel, nobody can overwrite your WordPress core files.
Everything in your WordPress install is locked down tight, aside from your custom content. Does somebody want to edit your wp-config.php file in order peddle creepy products on your site? Not on our watch!
Automatic WordPress updates
In order to prevent outsiders meddling with your stuff, we make sure your site is running the latest and greatest version of WordPress. These updates often include security patches, which close any doors and windows that hackers may have found in previous versions.
On Flywheel, these updates are automatic and usually happen within a few days of their release.
Insecure passwords? Not on our watch.
Although it may not seem like a big deal, having hard-to-guess username and passwords really goes a long way on WordPress. Due to the uniform structure of WordPress, a lot of web bots will crawl across websites, simply appending a
/wp-admin to the domain name. If the page loads, the bot will start trying username and password combos starting with some of the most common insecure passwords. So if you have a user named
admin and a password of
password1234, you’re at a pretty high risk of getting hacked.
That’s why Flywheel goes to great lengths to ensure that our customers use strong passwords. From our app to WordPress itself, if you try to create a new password that doesn’t make the cut, we’ll let you know.
Intelligent IP blocking
Intelligent IP address blocking on Flywheel detects intruders and blocks them across all sites on our servers within seconds.
We monitor popular points of entry for hackers and immediately lock out any IP address trying to get through. These points include:
- Failed SSH Access Attempts
- Failed WordPress Login Attempts
- Spam WordPress Comments
- XMLRPC Connections (which we fully block by default)
Flywheel uses a variety of techniques to block traffic starting with preventing known malicious IP addresses from opening a session with the server, which is a very severe and immediate action. Another softer layer of security we provide is our proprietary caching ban. This method detects “banned” access attempts and displays a cached page to the visitor stating that their connection has been banned. This method stops the connection at the highest layer of the Flywheel software stack and utilizes the fewest server resources while still presenting a user-friendly response. In the rare of occasion that a user has forgotten their password and keeps trying dozens of time in just a few minutes, they’ll see a ban page but will be presented with easy, on-screen instructions to get their IP un-banned.
Since banned IP information is shared across sites, we develop a kind of “herd immunity” to malicious actors in real time as the attacks come in. So your site’s protected from hackers before they even try to attack your site.
We pride ourselves on keeping the bad guys out of your site’s files and database through the preventative security measures mentioned above. That being said, malware prevention is an ongoing cat and mouse game where systems have to react and adapt to the ever-changing security gaps introduced by third-party plugins, third-party themes, or weak passwords.
In the event that you find your site has been compromised by a plugin or theme vulnerability, Flywheel’s Happiness Engineers can jump in right away and get to work cleaning up the infection. We’ll also notify you of our progress along the way.
If we learn of a wide-spread malware vulnerability within a particular plugin, we will send out messages to owners of all sites currently running the vulnerable versions of this plugin and will encourage them to update to the latest version or remove the plugin.
Free malware removal
In the rare event of a site getting hacked, our incredible support team of WordPress experts will quickly and carefully remove the malware for you. For free.
Steps that you can complete while we’re working on cleanup are updating all themes and plugins on the site to their most recent version, uninstalling any plugins or themes that aren’t being used any longer, and updating all admin user passwords to something as strong as possible. Since outdated plugin/theme versions and insecure passwords are overwhelmingly the cause behind WordPress sites becoming infected with malware, taking care of these updates as soon as possible will also help us to ensure the site stays clean while we’re working on it.