1 May 2023
Every WordPress website is hosted by a web hosting company, a company with several server security specialists. Large web hosts employ IT professionals with 30-50 years of cybersecurity experience.
Many people with a WordPress website therefore assume that it is within the capabilities – and even responsibilities – of the web hoster to keep the website hack & malware free.
After all, the attacks are done on the website towards the server right? And malware + hacks eventually end up on the hoster’s server. Right?
In the video below (english), Mark Maunder, the Founder & CEO of WordFence – 1 of the largest WordPress antivirus services – explains that because of connection encryption (TLS), it is hardly possible for hosting companies to identify and/or directly stop attacks. Only the elaboration can be identified. But in many cases that is already too late.
ance attacks are constantly changing & the elaboration (payload, hack, malware) are constantly changing & there is still a piece of customer privacy and self-determination over the website & the server is made for performing tasks and not blocking… it is not feasible for web hosts to recognize, block, and remove all malware.
For that reason, as a WordPress security specialist, I still have work to do 😉
But WordFence has now launched an interesting service.
WordFence Intelligence
WordFence’s security experts see millions of attacks, and their effects, through the WordFence plugin.
Based on that information, they can fairly quickly determine which hacks & IP addresses come from hacked or rogue servers. They are going to make that information of those addresses and hacks available to web hosts via a WordFence Intelligence API.
Will that be a solution that will prevent all attacks and malware on web hosts’ servers in the future?
There will always be a 30-60 minute “wait time” between attacks, their processing and blacklisting/information.
So 100% protection cannot be provided by this tool for web hosting companies either, but it can address the biggest dangers. It can stop thousands of Web sites from being attacked!
And better yet, that thousands of requests on the server via changing ip’s are blocked faster which benefits server capacity and reduces power costs.
So a good development!
But who knows, maybe we will gradually move toward a time when massive attacks on millions of websites will become a thing of the past.
Until then, as a website owner, make sure that your website is at least protected with an antivirus plug-in with firewall, or better yet, have your website protected!
