1
00:00:01,150 --> 00:00:05,830
In this video we'll look at the different systems hosting companies use to protect their servers against

2
00:00:05,830 --> 00:00:11,050
security attacks and another layer of security is not the only one you'll want to incorporate.

3
00:00:11,180 --> 00:00:16,300
WordPress is a website application which should have its own security measures. While hosting companies

4
00:00:16,300 --> 00:00:19,280
provide a variety of systems to protect their own servers,

5
00:00:19,360 --> 00:00:24,380
the applications installed on a server like WordPress are usually the weakest link in security.

6
00:00:24,580 --> 00:00:29,350
By the end of this video you'll have a good idea of what to look for in a hosting company as well as

7
00:00:29,350 --> 00:00:34,630
how to add additional layers of security to your hosting account even before you secure your WordPress

8
00:00:34,660 --> 00:00:35,920
installation itself.

9
00:00:37,070 --> 00:00:42,650
In this video I'll go through my recommended hosting companies and we'll look at what WordPress dot

10
00:00:42,650 --> 00:00:47,230
org says about security and hardening WordPress.

11
00:00:47,330 --> 00:00:53,510
Hardening is typically a security term for making a web application more secure or hardening its outer

12
00:00:53,510 --> 00:00:54,550
shell.

13
00:00:54,560 --> 00:00:58,800
This is a great page to read at the Codex at WordPress dot org.

14
00:00:58,970 --> 00:01:01,280
It's called Hardening WordPress.

15
00:01:01,360 --> 00:01:04,490
I'm just going to go down and point out a couple of things.

16
00:01:04,490 --> 00:01:09,280
First of all security is not about perfectly secure systems.

17
00:01:09,290 --> 00:01:11,270
This is basically impossible.

18
00:01:11,270 --> 00:01:17,000
It's basically about employing the appropriate controls that within reason can allow traffic to visit

19
00:01:17,000 --> 00:01:23,480
your web site but it limits bots and hackers and other attempts from getting in and compromising your

20
00:01:23,480 --> 00:01:24,620
site.

21
00:01:24,830 --> 00:01:32,240
So there is a complicated dynamic as stated here between hosting companies and the security of your

22
00:01:32,240 --> 00:01:33,850
web site.

23
00:01:33,860 --> 00:01:39,230
One of the main points right here if you read this is that hosting companies make a certain amount of

24
00:01:39,230 --> 00:01:46,490
effort to secure their servers and the hardware that you use at the server and the hosting company may

25
00:01:46,520 --> 00:01:53,810
have some different levels of security and we'll talk about which hosting companies do what but what

26
00:01:53,810 --> 00:01:58,050
they're really designed to do is protect their own servers from being hacked.

27
00:01:58,100 --> 00:02:05,360
When you install WordPress on a hosting company's servers it is your responsibility to secure those

28
00:02:05,360 --> 00:02:07,320
web applications as well,

29
00:02:07,340 --> 00:02:13,900
on top of what the hosting companies can do. All of the web hosting companies that I use and that I recommend

30
00:02:13,930 --> 00:02:21,700
in this course use something called a web application firewall inside of their servers and their stack

31
00:02:21,820 --> 00:02:29,590
where they host WordPress sites and this is basically a firewall between attempts at hacking and well-known

32
00:02:29,590 --> 00:02:32,980
hacker IP addresses etc. and types of attacks,

33
00:02:33,100 --> 00:02:38,350
between that and your web site that's hosted on their services and hardware.

34
00:02:38,620 --> 00:02:44,810
So SiteGround employs a very common web application firewall that's an open source one called

35
00:02:44,810 --> 00:02:50,800
ModSecurity, and on their ModSecurity web site it basically explains what it is.

36
00:02:50,800 --> 00:02:55,590
It's a cross-platform open source web application firewall.

37
00:02:55,720 --> 00:03:04,050
It enables the server to defend HTTP and HTTPS traffic against attacks.

38
00:03:04,060 --> 00:03:10,930
It also allows them to implement specific advanced protections and create ones that are specifically

39
00:03:10,930 --> 00:03:13,660
built for their server space.

40
00:03:13,690 --> 00:03:22,360
Flywheel has a more extensive security system and they have actually free malware removal if your site

41
00:03:22,390 --> 00:03:23,350
does get hacked.

42
00:03:23,450 --> 00:03:26,350
They're going to go in and fix it for free.

43
00:03:26,350 --> 00:03:29,770
They also have security at the server level.

44
00:03:29,770 --> 00:03:37,870
They use a service called Sucuri that they're partnered with in order to provide a third party Web

45
00:03:37,870 --> 00:03:39,290
application firewall.

46
00:03:39,310 --> 00:03:47,350
That's probably even more powerful than ModSecurity, and at Cloudways they also use a web application

47
00:03:47,350 --> 00:03:49,210
firewall that they've created there.

48
00:03:49,330 --> 00:03:56,220
And even though I've had more bot traffic to manage in terms of slowing down my site at my Cloudways

49
00:03:56,430 --> 00:04:03,610
Web sites this has been a great secure platform and they do regularly patch the servers and they host

50
00:04:03,610 --> 00:04:08,420
the applications and they minimize the number of services open to the Internet.

51
00:04:08,770 --> 00:04:12,650
That's what a web application firewall does.

52
00:04:12,690 --> 00:04:18,690
So if you're researching hosting companies for your sites or for your business I'd recommend you ask

53
00:04:18,690 --> 00:04:25,230
about web application firewalls and security processes that are in place at the server level.

54
00:04:26,380 --> 00:04:32,690
Now an additional web application firewall or a layer of security that's provided by a third party that

55
00:04:32,690 --> 00:04:38,660
you can sign up for separate from your web hosting company exists from several third party companies

56
00:04:38,660 --> 00:04:39,500
out there.

57
00:04:39,650 --> 00:04:47,870
Sucuri at sucuri dot net is a great Web site security company and one of those services is a Web

58
00:04:47,870 --> 00:04:49,280
site firewall.

59
00:04:49,460 --> 00:04:57,080
You can see in their graphic here that they'll allow traffic to come into their network as well as potentially

60
00:04:57,140 --> 00:04:59,210
spam, SQL injections,

61
00:04:59,210 --> 00:05:05,950
hackers, brute force attacks and bad bots out on the Internet and they will filter out a lot of that

62
00:05:05,960 --> 00:05:12,350
bad stuff and they'll balance the load and only send legitimate traffic towards your Web

63
00:05:12,350 --> 00:05:13,370
site.

64
00:05:13,400 --> 00:05:19,580
They do that by altering the DNS and having you point your web site traffic from your domain name to

65
00:05:19,700 --> 00:05:23,740
Sucuri first before it reaches your Web site.

66
00:05:23,780 --> 00:05:30,230
Their service is a paid-for service and it's probably the best out there for WordPress. Cloudflare is

67
00:05:30,230 --> 00:05:38,180
another service at Cloudflare dot com and they provide a very similar web application firewall for free.

68
00:05:38,180 --> 00:05:43,170
Some of the most common types of attacks are called brute force attacks.

69
00:05:43,190 --> 00:05:51,260
These are actually bots that come to your logon page and they set up services and bots to try and guess

70
00:05:51,260 --> 00:05:54,640
your username and your password.

71
00:05:55,010 --> 00:06:01,280
Now brute force attacks are the most common and one of the problems with these types of attacks is that

72
00:06:01,460 --> 00:06:06,860
this is actual traffic that goes to your Web site and it can slow it down.

73
00:06:06,890 --> 00:06:12,710
And so there's different ways of protecting your Web site against brute force attacks and unauthorized

74
00:06:12,770 --> 00:06:19,340
login attempts that might slow down your site and actually eat up your bandwidth as well making

75
00:06:19,400 --> 00:06:23,980
your server space and potentially your hosting cost more.

76
00:06:23,990 --> 00:06:29,870
We'll look at these next type of protections in the next video when we look at security plugins for

77
00:06:29,870 --> 00:06:32,660
WordPress specifically.

78
00:06:32,880 --> 00:06:38,910
I encourage you to do your own research to find out what you can about security at the server you choose

79
00:06:38,910 --> 00:06:43,470
to host your web sites as well as different layers that you can incorporate yourself.

80
00:06:43,470 --> 00:06:49,740
There's some great information at WordPress dot org on hardening WordPress as well as brute force attacks.

81
00:06:49,770 --> 00:06:56,700
Right here this is a great page to read for yourself and I'd recommend checking out Cloudflare and Sucuri

82
00:06:56,940 --> 00:06:59,600
with their web site application firewalls.

83
00:06:59,610 --> 00:07:07,950
And then if you do use a hosting company like SiteGround and Flywheel and Cloudways you know you're

84
00:07:07,950 --> 00:07:15,210
already getting an excellent professional and secure service on which you can build your WordPress security.

85
00:07:15,450 --> 00:07:20,760
In this lesson you learned how your hosting company should provide some level of security filtering in

86
00:07:20,760 --> 00:07:23,160
the form of a web application firewall.

87
00:07:23,280 --> 00:07:28,920
Plus we went over some third party services you can add to further harden your server space against attacks.

88
00:07:29,520 --> 00:07:30,520
In the next video

89
00:07:30,540 --> 00:07:35,640
we'll look at several security plugins for WordPress so that you can block the most common areas of

90
00:07:35,640 --> 00:07:41,220
vulnerability for brute force attacks and hacking attempts on WordPress powered Web sites.

91
00:07:41,290 --> 00:07:46,200
Plus you can use these plugins to monitor the traffic to your site continuing to improve your site's

92
00:07:46,200 --> 00:07:48,350
security and speed over time.

