AZDIGI has integrated the Imunify360 security tool into all web hosting services and it has long been a mandatory security standard on our Web Hosting service system. In this article, AZDIGI will analyze the benefits that Imunify360 brings to WordPress security.
Powerful malware scanning
WordPress is an open-source CMS, and features are extended through software plugins, although a great advantage, plugins in WordPress have many potential security risks due to negligence in programming, or security vulnerabilities in the included libraries.
Therefore, malicious code will be prioritized to plug into the vulnerabilities of Plugins in WordPress and that is why WordPress users are often infected with malicious code if they do not regularly update the plugin/theme versions. being installed.
Imunify360’s malware scanning feature will work in the background on the server and automatically check for newly uploaded PHP files, if it detects files with unusual code, it will automatically remove part of the code. maliciously or completely quarantine the infected file.
In addition, the malware scanning system will also scan the entire server periodically (daily or weekly) to remove all infected files.
This can disrupt websites with existing malicious code that is silently operating in the website, but it will reflect the security health of the website so that users can intervene early to handle it before it has been detected.
Web Application Firewall (WAF)
Another feature that will help your website reduce the risk of being accessed by bots that exploit malicious code, spam bots, etc. is to limit abnormal access. The website will appear a captcha interface and the user needs to confirm that it is not a bot to continue if it is an unusual visit.
According to our observations, each Web Hosting service server at AZDIGI blocks about 15,000 unusual visits per day, which shows that if it is not equipped with a firewall, the website will face many security risks.
Reduce Brute-Force Attacks for WordPress
WordPress is a popular open source, so hackers always have tools available to automatically detect newly created websites in the world, then send login commands with continuous password detection algorithms for users until the correct password is found, this is called a Brute-force attack.
Victims of this type of attack often have common usernames such as
administrator, the same name as the website domain name along with a common password, or have been leaked from other sources if using the same password.
Therefore, Imunify360 has added a feature called WordPress Account Compromise Prevention to prevent the risk of webmaster account exploitation based on weak or leaked passwords.
When customers receive this message, it means that the website admin account is at risk of being hacked easily and needs to perform a new password reset immediately to be able to access the website.
When malicious code already exists in the source code but for some reason has not been removed, Imunify360 also has a second layer of protection that is to prevent PHP code from being executed abnormally on the server. Every time it detects that a PHP code is executed, Imunify360 will conduct an analysis and will block execution if an anomaly is detected.
In case these PHP codes are not unusual, users can completely turn off this feature so as not to affect the operation of the website.
Thus, if the server is not equipped with Imunify360, it will face many potential security risks among customers. Although all Hosting servers have been equipped with the CloudLinux operating system to completely isolate hosting accounts on the same server to prevent cross-infection, hackers can still take advantage of vulnerabilities in the source code. to exploit the website if not prevented in the first place.