Knowledgebase: Web Hosting
WordPress Security Features
Posted by Lee Blakely on 04 March 2020 09:50 PM

Our shared hosting platform includes several important WordPress security features. These features increase the security of your site but may create confusion the first time you encounter them.

Extra Login Protection

Many WordPress sites are compromised by hackers using automated scripts that "brute-force" a WordPress login by making repeated login attempts. To minimize this risk, by default WordPress sites on our shared hosting platform have an extra layer of HTTP Basic authentication on wp-login.php. In your browser if you go to:

https://mysite.com/wp-admin

Then WordPress will redirect you to:

https://mysite.com/wp-login.php

This is the normal WordPress behavior. On Reliable Penguin's platform you'll be promoted with a login dialog similar to this:

At this dialog please enter:

Username admin
Password letmein

This easy to remember login discourages automated scripts and reduces the chance of your site being hacked by "brute-force" attacks. In some case this extra login creates problems. If you encounter such a situation just open a support ticket and we'll disable the feature on your site.

No PHP In Uploads Folder

Frequently when a site is hacked, the malicious party will install PHP code in the /wp-content/uploads folder. Properly designed WordPress plugins never put code in the /wp-content/uploads folder. To limit the impact of hackers we block execution of PHP, CGI, Perl and server-side includes in /wp-content/uploads folder. Contact support if this creates a problem in your application.