Zone+ Security Monitor for a peaceful night’s sleep

No one doubts the importance of website security today. Nevertheless, in this blog post, we return to the basics and repeat them to be sure they’re clear.

To keep your website safe and secure:

• Regularly update your web application and its plugins.
• Use automatic updates where possible. If you install and manage your application via Zone+, you can turn it on at MyZone.
• Remove unnecessary plugins – Used a tool to migrate your data and no longer need it? Delete it!
• Use secure passwords, password manager and two-factor authentication to manage your content management software.
• Make sure your service provider is secure – use two-factor authentication there too, and make sure the server’s underlying software uses the most up-to-date and secure platform possible.
• If possible, host one website on one server! This way, in the event of a potential security incident, you reduce the risk of malware that has infected one website transmitting infection to the entire content of the server.
• Don’t leave your old websites or websites created for testing on the web server. If possible, remove them or restrict access to them from the Internet.

Once the basic requirements are met, it would be a good idea to implement additional monitoring, because you can never be sure that applications are 100% protected. When it comes to WordPress, often the first random and highly rated plugin is chosen.

While they can indeed be successful in protecting your website from many threats, you should also consider their potential weaknesses:

• You may get a false sense of security – you install the app and just leave it at that, expecting it to do the job
• The plugin is part of WordPress. If any other component of WordPress is compromised, the malware may also disable the security program, making it appear as if there is no malware on the server.
• The plugin is not updated, the producer drops support for the app, or the app is simply not safe.
• The plugin does not see the other files on the server and their contents – so malware could come from somewhere else (e.g. a subdomain).
• Security applications often require fine-tuning and may not work properly without configuration.
• An inadequate application can cause website performance problems with unnecessary queries.
• Not all web applications have an ecosystem such as WordPress. Especially if it’s a custom-made website.

These weaknesses have been a major concern for webmasters and service providers alike for years. To minimise these risks, Zone has been offering Zone+ Security Monitor for almost 10 years.

As the name suggests, it’s security monitoring: like a smoke detector, a security monitor alerts you to potential risks in advance, so that the website administrator can eliminate problems in time. However, the main advantage of security monitoring is that it is not a plugin and it does not reside in the web server’s file system. It is a standalone application that can monitor what is happening in all files across the entire virtual server.

It’s not just a file-scanning tool either – it offers many more features:

• Security monitor analyses the source code of files.
• It pays particular attention to modified files and the website’s configuration files, checking their changes from the databases of various antivirus applications.
• Security monitoring checks the appearance of a website and can detect if it has been defaced. In other words, it can also detect an attack where the malware has only changed the visual aspect of the website.
• The security monitoring takes pictures by scanning the website, so that the user can also check the previous state in case of problems.
• Security monitoring checks the reputation of website’s external links and warns about dangerous links.
• Security Monitoring also checks your website address against various blacklists.
• Advanced and Aggressive packages offer defacement, SSL/TLS and deep anti-virus analysis, as well as frequent website scans.
• Aggressive package also allows you to subscribe to SMS notifications of critical security vulnerabilities.

As with plugins, don’t forget the basics when using Security Monitor: choose the right Security Monitor package depending on your risk tolerance and make sure you do so before you fall victim to an attack. The job of monitoring is to identify potential risks before they occur.

Order the PRO web hosting package and get Zone+ Security Monitor Basic for free for the first year! (PLEASE NOTE! The free first year of the Security Monitor Basic package also applies to current Pro package users).