Tag: Security

A few configuration changes are needed as part of the basic setup with a new Ubuntu 16.04 LTS server. This article will provide a comprehensive list of those basic configurations and help to improve the security and usability of your server while creating a solid foundation to build on.

Broken down into two parts our article’s first section hits on “how to whitelist IPs or URIs,” for people who are somewhat familiar with ModSecurity but want to know further about the process. Our second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server reach out to our Heroic Support team for assistance with whitelisting!

Maldet, a free popular malware scanning software for Linux servers, can be used to scan an entire server for potentially malicious files. Properly configured and monitored, it can even be used to disable or fully remove malware when it is detected. However, the removal of files should only be configured once you are certain no false positives will be picked up in the scans.

When to Update PHP?

PHP is a programming language that can run with Apache or Microsoft IIS and works with your dedicated or VPS server to execute the requests that make up your website. 88% of online sites run on, the soon to be vulnerable PHP 5.X technology. At the close of this year, scheduled by Dec. 31, 2018 security support will end for our dear old friend PHP 5.6, meaning bugs and security fixes will not be tended to and could lead to security vulnerabilities. Each PHP version gets supported actively for two years while the third year only gets critical security updates. Luckily, the PHP gods had smiled upon us and extended the life for just a year longer than the typical PHP version before giving us the new year deadline. For all the developers out there wanting to know exactly what is changing, here’s a helpful migration guide from PHP 5.6 to PHP 7.X.

On our Managed Wordpress hosting platform, we strive to ensure security with regularly scheduled patches and updates. By utilizing our intrusion prevention software, we mitigate malicious activity and block repeated failed logins for your Wordpress admin portal. Furthermore, our web-application firewall, restricts unneeded ports along with custom rules to help protect you on the application level. We take care of the administration work so you can spend more time securing your site. Below our Managed Wordpress admins share tested (and trusted) implementations to keep your site locked up tight.

HIPAA-Compliant Hosting provides a foundation for healthcare providers to build applications and services that comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which safeguards themselves and their client’s Personal Health Information (or PHI). Anyone who has access to PHI is required by law to follow these rules and regulations to protect the healthcare data's privacy in their charge. 

Domain Name System Security Extensions or DNSSEC signs DNS Record Sets (RRsets) at each DNS zone level. This allows one to verify the DNS record they are receiving has not been altered.

Basic Firewall Rules

In a firewall rule, the action component decides if it will permit or block traffic. It has an action on match feature. For example, if the traffic matches the components of a rule, then it will be permitted to connect to the network. It is essential to consider the potential security risks when modifying a firewall rule to avoid future issues. Following best practices for configuring firewalls can help you maximize the effectiveness of your solution.

If you run WordPress sites on a dedicated or VPS server, you likely know it is critical to make sure that your software is up to date. In fact, you may have automatic updates enabled, so your site updates as soon as WordPress updates are available.  If you are running WordPress sites on a Liquid Web product such as our Storm VPS or Dedicated servers, please read on. This article contains critical information for you regarding WordPress 4.9.4 updates and action is required.

Liquid Web’s Account Management System has a robust API that allows for accessing your account from outside the Manage interface. For example, the API can be used to integrate WHMCS directly to your Liquid Web account. To access the API, an API user must first be created for that account.