Does wpSites feature Data Protection?
“Data protection” is often used interchangeably with website backups, but it is much more than that. The most common elements of a solid data protection policy include:
- backups at the server level
- implementation of SSL (HTTPS protocol)
- a requirement that users have complex passwords
- hosting with a reputable service provider
- a server firewall
- proactive maintenance
wpSites has all of these elements in place.
Data Protection Measures at the Server
- SQL injection protection.
- Cross-site scripting protection.
- Remote and local file injection/inclusion attack protection.
- Command injection protection.
- Denial of Service protection.
- Real-time blacklists.
- Advanced anti-evasion protection (prevents someone from trying to bypass the WAF).
- Threat Intelligence protection (this is based on real-time attack intelligence reported by other customers, which is then made available in real time to everyone using the complete rules. This means that if customer A is attacked by a system, everyone blocks that attacker in real time).
- Automatic secure whitelisting of search engines (no false positives with search engines; they are automatically detected and whitelisted in a way that prevents spoofing. This ensures that the site's page rank is also protected).
- Malicious bot protection.
- Automatic removal of malicious code from websites (if a website is compromised, the complete rules will remove the malicious code from the website in real time, without touching any code on the system. This ensures that there is no risk to the customer websites, and also removes anything malicious from them. This means you can use the rules on a system that’s already been compromised, and eliminate the effects of the web application's compromise without having to do anything other than install the rules).
- Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
- Advanced protection for WordPress and other popular web applications.
- Brute force protection (detects and blocks web authentication brute force attacks, without relying on either status codes or logs).
- Anti-spam protection (blocks web spam).
- All virtual patches for zero-day vulnerabilities (refer to this article for an explanation of what a virtual patch is).
- Data loss protection rules (protection against credit card theft, leakage of sensitive data, and error messages that show sensitive data).
- PCI-DSS compliance (meets PCI-DSS WAF compliance requirements).
- Domain source blocking (you can block a source by the domain name or FQDN that resolves from its IP address).
- Malware protection.
- Web shell protection (detects and blocks web shells and other malicious code from running).
- Whitelisting and blacklisting.
- Advanced false positive prevention (the complete rules contain additional advanced code to prevent false positives).
- Real-time support (false positives are resolved within minutes or hours, although they are very rare with the complete rules).
- Updates multiple times daily.