Security

Security

lockSecurity. It is a challenge for everyone, but as WordPress grows in popularity, so do attempts at breaching the basic, built-in security that ships with WordPress.

At JensenWorks Technology, we have always taken security very seriously. In fact, with absolutely every single new website we build, the very first thing we do is lock it down. We do this within seconds of each fresh installation.

Alas, there is another factor when it comes to the health and security of websites and that is the speed by which things can be delivered during a so-called “brute force” attack. Now, although we are confident that a brute force attack will almost never result in an actual access breach, it does still tax a website, so we are taking things to the next level to accommodate this.

#1) We are adding a captcha code to every single login screen, thus requiring that the attempts to access be non-automated.

#2) We are adding two-factor authentication to all administrator accounts, thereby ensuring that even if, by some miracle, a breach occurred, without YOUR device in hand, the would be hacker still can’t get in.

#3) We have updated our master administrator username to something very nontraditional and bolstered our master passwords across the board to include more character case changes, more punctuation and symbols and be much longer.

This being the case, if you are a client, and you find yourself unable to properly authenticate yourself, we want you to know that this was our doing and we are here to help. A quick call or an email and we will get you in and keep you in while keeping those who should not be in, out.

We understand that this may take a little getting used to, but when it comes to security, best not to learn the hard way. We appreciate your understanding.

The Actual Security Implementation We Have in Place

  1. Limit Login Attempts Plugin Installed
    • Default Settings + Notify Admin Set
  2. Whitelist IP For Limit Login Attempts Plugin Installed
    • Default Settings + Our Current IPs Set
  3. Duo Two-Factor Authentication Plugin Installed
    • Settings Configured as Per the Duo Two-Factor Authentication¬†Integrations Settings
  4. Captcha on Login Plugin Installed
    • Default Settings + Tool Used for Changing Administrator Username from “admin”
  5. No “admin” Username in Use
  6. Strong Administrator Password in Use

In doing so:

Anyone attempting breach must determine both a complex username and a complex password and enter a new random captcha code with each attempt, resulting in a massive decrease in mere attempts which not only severely diminishes the likelihood of a breach, but severely diminishes the number of attempts and subsequent bandwidth/data use of the website.

But let’s just say that they do manage to get past all of that…

Should anyone manage to guess not only the username, but the password as well AND enter the correct captcha code and pass the primary authentication, they must then authenticate via push, SMS or phone call to the number associated with the admin account, which obviously they don’t have.

In Addition to All of This…

We Monitor: We utilize two monitoring systems that notify us instantly by email and SMS simultaneously of any and all changes to any of our client websites, so that we can immediately identify if any unauthorized changes (which may indicate a breach) have occurred.

We Maintain: We keep all core, plugin and theme files updated at all times, again utilizing two systems. One that notifies us instantly when anything has an updated version available and one that we run daily that automatically checks all of our client websites for updates.

We Back Up: We maintain a current backup of all of our client websites for easy and instant restoration should anything ever go wrong.

With JensenWorks Technology, your website is well-built, well-protected and well-maintained at the highest level possible.