WordPress Security Pt. 5 Print

  • 0

Hosting & Backups

Lesson 5

There are four main hosting environments that can be used for your WordPress installation:


  • Shared Hosting Environments
  • Virtual Private Server (VPS) Environments
  • Managed Hosting Environments
  • Dedicated Servers


In theory, the environments that remove the most dependency from the user will offer the most security.


If you have the time and skill to secure your own environment, you have more options but also more responsibility.

The type of hosting environment you choose should be dictated by your needs and expertise:


  • If you have little understanding of how websites work, go with a managed environment
  • If you’re an organization with your own network operations center (NOC), information security operations center (SOC), or dedicated sysadmins, then a VPS or dedicated server provides better isolation of your environment


You can also initiate a conversation with your hosting provider to identify what their stance is on security.

WordPress Security Tip

Use carefully isolated FTP and user accounts on shared server environments to prevent cross-site contamination.

Banner 2

SFTP/SSH Connections

Secure file transfer to and from your server is an important facet of website security in your hosting environment. Encryption ensures that any data sent is protected from prying eyes who may be sniffing your network traffic.

SSH: Secure Socket Shell is a secure network protocol and the most common way of safely administering remote servers. Any kind of authentication, including password authentication and file transfers, is completely encrypted.

SFTP: SSH File Transfer Protocol is an extension of SSH and allows authentication over a secure channel. If you are using an FTP client, we recommend SFTP instead of unencrypted FTP: the default port for SFTP is 22.

Banner 3


Maintaining website backups should be one of the most important recurring tasks for a website administrator.

A good set of backups can save your website when absolutely everything else goes wrong. If a malicious attacker decides they want to wipe all your site files or corrupt your site files with their buggy scripts, the damage can be undone by restoring your site from your backups.

Was this answer helpful?

« Back

Powered by WHMCompleteSolution