WordPress Security Features
Posted by Lee Blakely on 04 March 2020 09:50 PM
Our shared hosting platform includes several important WordPress security features. These features increase the security of your site but may create confusion the first time you encounter them.
Extra Login Protection
Many WordPress sites are compromised by hackers using automated scripts that "brute-force" a WordPress login by making repeated login attempts. To minimize this risk, by default WordPress sites on our shared hosting platform have an extra layer of HTTP Basic authentication on wp-login.php. In your browser if you go to:
Then WordPress will redirect you to:
This is the normal WordPress behavior. On Reliable Penguin's platform you'll be promoted with a login dialog similar to this:
At this dialog please enter:
This easy to remember login discourages automated scripts and reduces the chance of your site being hacked by "brute-force" attacks. In some case this extra login creates problems. If you encounter such a situation just open a support ticket and we'll disable the feature on your site.
No PHP In Uploads Folder
Frequently when a site is hacked, the malicious party will install PHP code in the /wp-content/uploads folder. Properly designed WordPress plugins never put code in the /wp-content/uploads folder. To limit the impact of hackers we block execution of PHP, CGI, Perl and server-side includes in /wp-content/uploads folder. Contact support if this creates a problem in your application.