WordPress Security Features with Malware Scan And Fast Backups

More Security for WordPress

Last update:

As WordPress site managers we take care of our site security features and performance. We have to constantly reduce the risk of malware infections, curate our precious backups, and never lose a millisecond in page load time.

To help you with this, at wetopi we have been working on a bunch of new improvements you can already enjoy.

Table of Contents

WordPress Security Feature #1: Showing WordPress pending updates

The main reason to keep your WordPress site up to date is Security.

To make it easy for you to identify sites with pending updates, now your Wetopi Panel, shows in various places, the well known, red rounded Pending Updates number:

List of WordPress sites with 
pending updates.
The red circled number indicating WordPress pending updates.

WP Security Feature #2: Malware scanner supervised logs

We scan every day your server files to identify malware or hacked sites.

From the very beginning, we have scanned file systems looking for malware. Something that may seem simple, however, represents a headache due to the huge amount of “false positives”. To solve this problem, and automate the monitoring process, we have developed our own database with patterns to filter out “False positives”.

This month we have taken a step forward and exposed the daily results of these Server Scans.

Open WordPress Malware scanner supervised logs

You can check it with a single click in the “Virus Scan logs” button you’ll find in each server Options Menu.

The “Virus Scan logs” will open a modal view with a list of all the curated malware scan log results:

WordPress Security Malware scan log
Malware scan log

In case of major malware alerts, site administrators will also receive an email.

WordPress Security Feature #3: “Expert mode” server panel

If you are one of those who want all the server options at hand, this is for you. Now wetopi lets you enable the “expert mode” in your site’s view:

Expert mode showing WordPress pending updates
Enable the “expert mode” to have all the server info and management options in one place

WP security feature #4 :Free from Hack Guarantee

One of the most importnat WordPress security features we have updated is our service policy to include our new “Free from Hack Guarantee” to all your servers compliant with these two requisites:

  1. Server “Medium” or higher.
  2. No pending WordPress security updates

With our “Free from Hack Guarantee”, we will fix your hacked sites for free! You just have to help us by “closing the main door” by maintaining your WordPress updated.

Don’t leave the keys in your front door

To have pending security updates is making it public that you are leaving the door open to malware.

When you do not update your WordPress Core files, Plugins, or Theme, you create a security risk because it then becomes vulnerable to public threats and attacks. It’s like when you left the keys in your front door!

WordPress Security feature #5: Instant backups

Backups are one of the core features at wetopi. We want our backups to be safe, reliable, and fast.

At wetopi our storage infrastructure allows us to make snapshots “snaps”. As you know, Snaps are incredibly fast, we love that, but snaps comes at a cost.

Although snaps are optimized, they occupy more disk space than incremental backups (delta backups). Another important downside is that we can’t store Snaps outside the data center storage infrastructure.

Besides, snaps don’t dump your database, meaning the database copy is a binary copy. This is important because in case of database inconsistencies we always want to restore the backup with clean database imports.

Taking the best of all backup systems

  1. Speed from snapshots.
  2. Simple and reliable database dumps.
  3. Low disk space with incremental copies.

With the new backup system we take advantage of the snap to take a quick snapshot of your site. However, to ensure that we have a clean copy of the database, before the snapshot, we export the content of the database with a mysqldump.

After the fast snapshot backup, “voila” your site gets free and you can continue with your activity.

But the backup process doesn’t stop here. Now in the background, the new backup system takes your recent snap, creates a volume from this snap, and makes a new incremental.

Once we have the incremental, a copy is synchronized to the external storage (Amazon S3). As you can imagine, we also preserve the local incremental backup. When you request a backup restore, our local storage is always faster than the remote Amazon S3.

Snapshot automated cleanup

The backup rotation cycle is in charge of the cleanup of snapshots. Currently, during the backup rotation cycle, we only preserve the last snapshot. The good news is that this is something you will be able to customize in our next release.

But there’s still more, one more backup feature:

Protected snaps

One of the most requested backup features is the ability to preserve backups. With this new backup system, now you can “protect” your snaps.

WordPress fast backups list

Based on this, when the backup rotation cycle arrives at your protected snap, the cleanup system will respect and preserve it.

WP security feature #6: Your WordPress server with the latest Ubuntu LTS

Our last server OS upgrade has been a major release, and the best part is, your server has been updated without tedious server migrations or any additional cost.

Now all your php7 servers are running the new Ubuntu 20.04 LTS release (LTS stands for long term support).

WordPress are running the latest Ubuntu 20.04

With wetopi, your servers are fully managed.

This not only means we maintain the security and patch updates but also we do the major release upgrades for you.

WordPress security Feature #7: More secure HTTP headers

We have introduced two new default headers to push forward your site’s security.

The first one protects you from clickjacking:

add_header X-Frame-Options SAMEORIGIN;

Typically, clickjacking is performed by displaying an invisible on top of the page the user sees. The user believes they are clicking the visible page but in fact, they are clicking an invisible element in the additional page transposed on top of it.

The second one, the HSTS (HTTP Strict Transport Security)

add_header Strict-Transport-Security "max-age=31536000; preload";

This header tells the browser to interact with your WordPress server using only HTTPS connections. More information on Wikipedia.

We are techies passionate about WordPress. With wetopi, a Managed WordPress Hosting, we want to minimize the friction that every professional faces when working and hosting WordPress projects.

Not a wetopi user?

Free full performance servers for your development and test.
No credit card required.

See how Wetopi stacks up against your current hosting

Migrating sites to us is free and completely effortless on your part.

No hidden small text.
No commitments.
No credit card.

Try before you buy.