The two main principles of IT security
According to LRob, there are two main principles that are as inescapable as they are dogmatic:
Robin LABADIE
- The overall security of a system is that of the weakest link in its chain.
- 100% security is illusory (and anyone who claims otherwise is a liar or ignorant).
Note that users and administrators are part of the security chain.
That's why we mustn't neglect any aspect of security, any link in the IT chain, because even if we do our best, we can still let things slip through the cracks, and we're never safe from a "0-day" flaw, i.e. one that's exploited before it's corrected.
LRob security measures
LRob servers feature many levels of security designed to block attacks at the very top of the server chain. We try to be impeccable in every aspect, to get as close as possible to 100% security. Remember that perfect security never exists, but we can try to get as close as possible. LRob's security measures are rigorous, and some are unprecedented in the world of hosting providers, to ensure the highest possible level of security.
Default security
The ultimate "out of the box" server security!
ModSecurity application firewall
Effectively blocks malicious requests before they reach your sites. In the event of a repeat offence, fail2ban blocks the attacking IP for even greater security.
Fail2ban anti-bruteforce
Completely blocks repeated unauthorized access to all server services. IP blocking of brute-force attempts on WordPress, Plesk, Email and FTP. Also blocks bots searching for vulnerabilities on servers.
Site isolation
Each site is isolated in its default system user. If a problem occurs on one site, it cannot affect the others.
Server antivirus
ImunifyAV regularly scans sites.
PHP update
If you forget, we'll take care of it for you!
Daily server updates
Weaknesses in server applications may also exist (even if hosting companies deny this outright). Updating your software on a daily basis will keep your hosting as secure as possible.
Daily host backups
Outsourced backups with one-year retention for maximum peace of mind.
SSL/TLS certificates included
Automatic TLS certificate generation & HTTPS forced by default. Free wildcard certificates available if you manage your sites' DNS zones via LRob.
Strong encryption
Exclusive use of secure TLS ciphers.
Security for WordPress
WordPress security made easy!
Control at a glance
Your hosting panel highlights any anomalies in your WordPress instances.
Automatic WordPress updates
Activated with a few clicks for maximum security at all times.
WordPress Login Protection
Block IP brute-force attacks on your WordPress login.
Server antivirus
ImunifyAV regularly scans sites for known malicious files. In the event of an anomaly, you'll receive an email.
WordPress security vulnerability detection
Manually check for vulnerabilities and receive alerts when new vulnerabilities are detected, so you can react quickly.
See the 24 security rules for WordPress
- Change default administrator username (admin)
- Block access to .htaccess and .htpasswd
- Block access to potentially sensitive files (logs, scripts, executables)
- Block access to files containing identifiers
- Block bots looking for WordPress-specific vulnerabilities
- Change the default database table prefix
- Disable file editing in the WordPress dashboard
- Disable PHP execution in cache directories
- Disable unused scripting languages (Python, Perl, etc.)
- Disable pingbacks
- Disable script concatenation on the WordPress admin panel
- Block access to the wp-config.php file
- Prohibit execution of PHP scripts in the wp-content/uploads directory
- Prohibit execution of PHP scripts in the wp-includes directory
- Block directory browsing (-indexes)
- Block access to xmlrpc.php file
- Configure security keys
- Restrict access to files and directories (permissions)
- Block author scans
- Enable automatic updates
- Generate a secure password
- Automatic detection of security vulnerabilities
- Scan site for malicious files
- Define a PHP version with secure support
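Four of the rules above (table prefix, dashboard file editing, script concatenation, security keys) are expressed in `wp-config.php`, so they can be verified offline. The following audit is an added example, not LRob's or Plesk's code; the sample file is constructed, and the constant names are WordPress's own.

```python
import re

# Constructed sample wp-config.php (not taken from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-value-0001-not-a-real-secret');
$table_prefix = 'wp_';
define( 'DISALLOW_FILE_EDIT', true );
// define( 'CONCATENATE_SCRIPTS', false );
"""

KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

# Anchored at line start so commented-out define() lines are ignored.
# Limitation: /* ... */ block comments are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""",
    re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

def parse_config(text):
    """Return ({constant: value}, table_prefix) from wp-config.php text."""
    consts = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        if bare is not None:  # unquoted PHP literal such as true / false
            consts[name] = {"true": True, "false": False}.get(bare.lower(), bare)
        else:
            consts[name] = sq if sq is not None else dq
    pm = PREFIX_RE.search(text)
    return consts, (pm.group(1) if pm else None)

def audit(text):
    """Check the wp-config.php rules; True means the rule is satisfied."""
    consts, prefix = parse_config(text)
    weak = [k for k in KEY_NAMES
            if not isinstance(consts.get(k), str) or consts[k] in ("", PLACEHOLDER)]
    return {
        "table_prefix_changed": prefix not in (None, "wp_"),
        "file_edit_disabled": consts.get("DISALLOW_FILE_EDIT") is True,
        "script_concat_disabled": consts.get("CONCATENATE_SCRIPTS") is False,
        "weak_keys": weak,  # keys/salts that are missing or still the placeholder
    }

if __name__ == "__main__":
    for rule, result in audit(SAMPLE_WP_CONFIG).items():
        print(f"{rule}: {result}")
```

The remaining rules in the list (file permissions, blocked paths, PHP execution in upload directories) live in the web server and filesystem configuration and are outside what this check covers.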
Security vulnerabilities
Server vulnerabilities
Any security breaches that may occur on the server side are handled by LRob.
LRob uses Linux servers running Debian, a highly reliable, stable and secure distribution that is ideal for a production web server. Security flaws in Linux are usually corrected very quickly, even before they become public knowledge.
We have also put in place a number of measures to prevent server vulnerabilities, including active monitoring of Linux system vulnerabilities, with immediate manual updating in the event of a breach. We also automatically update all server applications on a daily basis, with a monthly manual check every first Monday of the month.
CMS vulnerabilities
Interactive and dynamic websites, such as those built with a CMS, are vulnerable to security breaches. That's why it's essential to control and secure the interactions between the user and your site.
CMSs such as WordPress are regularly subject to security breaches. LRob provides many additional server-side safeguards and tools to help you stay secure. Nevertheless, in the face of a security breach, your site may remain vulnerable. So it's important to:
- Keep your CMS and plugins up to date (activate automatic updates).
- Use strong, unique passwords.
- Monitor site users and files to prevent intrusions.
- Use Plesk tools to check for and correct any existing vulnerabilities (by updating, deactivating or replacing scripts).
- Use Plesk tools to add additional security rules to WordPress.
Tools like Plesk's WordPress Toolkit help you keep your WordPress and other applications more secure than on most hosting packages. However, you can't rely solely on these additional safeguards: if your application is intrinsically insecure, then it could be hacked.
Note that PHP itself, which runs your end-user application (CMS), may also contain security holes when you use an obsolete version that no longer receives security support. We recommend checking your PHP version once a year. LRob avoids vulnerabilities arising from obsolete versions of PHP as far as possible by pushing new versions of PHP to websites once a year (and by notifying any hosting owners whose sites are incompatible with the new versions).
If you suspect a hack or an unexpected change on your site, contact support, who will guide you and help you effectively.