Our shared hosting platform includes several important WordPress security features. These features increase the security of your site but may create confusion the first time you encounter them.

Extra Login Protection

Many WordPress sites are compromised by hackers using automated scripts that "brute-force" a WordPress login by making repeated login attempts. To minimize this risk, by default WordPress sites on our shared hosting platform have an extra layer of HTTP Basic authentication on wp-login.php. In your browser if you go to:

https://mysite.com/wp-admin

Then WordPress will redirect you to:

https://mysite.com/wp-login.php

This is the normal WordPress behavior. On Reliable Penguin's platform you'll be promoted with a login dialog similar to this:

At this dialog please enter:

This easy to remember login discourages automated scripts and reduces the chance of your site being hacked by "brute-force" attacks. In some case this extra login creates problems. If you encounter such a situation just open a support ticket and we'll disable the feature on your site.

No PHP In Uploads Folder

Frequently when a site is hacked, the malicious party will install PHP code in the /wp-content/uploads folder. Properly designed WordPress plugins never put code in the /wp-content/uploads folder. To limit the impact of hackers we block execution of PHP, CGI, Perl and server-side includes in /wp-content/uploads folder. Contact support if this creates a problem in your application.

Below are the most frequently needed settings and details for our shared hosting service.

You can also download this information in a PDF document.

Support

Need assistance? You can contact technical support on the web, by email or by phone:

Control Panel

Our control panel is located at:

https://panel.reliablepenguin.com

From here you can manage your web hosting account as well as email and DNS.

To login to the control panel you’ll need to know the username and password for your account. Contact Support for assistance.

Name Servers

If your want Reliable Penguin to provide Domain Name Service (DNS) for your domain name, then set your nameservers to:

ns1.reliablepenguin.com
ns2.reliablepenguin.com

SFTP/SSH

For SFTP or SSH access to your website, the hostname is:

sftp.reliablepenguin.com

The username and password can be set from the Control Panel.

Email Settings

For incoming email set your MX record in DNS to:

mail.reliablepenguin.com

Use the following settings in your email client software:

Incoming

Outgoing

You can access your email box from a web browser at:

https://webmail.reliablepenguin.com/

The username is your full email address including domain name. The password can be set from the Control Panel.

Due to increasing problems with malicious spammers it is vital to all of our clients that email and SFTP accounts be properly protected. Effective immediately for all new accounts and all password changes will require a strong password. Passwords must be at least 8 characters in length and contain at least one occurrence of upper and lower-case characters, digits, and special characters. For example "P@ssw0rd12".  Such passwords provide strong protection from brute-force attacks and minimize the risk of your email or SFTP account being compromised. We realize that this can be annoying but it is unavoidable given the aggressiveness of spammers and the damage to all customers that a single compromised account can create.

Reliable Penguin's postal address is changing. Here's the new address:

Reliable Penguin, Inc
PO Box No. 2236
Davidson, NC 28036

This address should be used for all payments and other correspondence.

Sucuri released today details of a new vulnerability in WordPress. Full details can be found here:

https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

If you are running WordPress 4.7.1 then it is critical that you update immediately to 4.7.2. For older WordPress versions, if you have the REST API enabled then you also need to upgrade.

Contact Reliable Penguin at support@reliablepenguin.com if you need assistance.

In the next few weeks, Chrome version 56 will be released. This release will continue the process of pushing users to HTTPS by labelling sites and form fields as non-secure in certian cases. This is an important change that all site owners should be aware of. WordFence has a greate article on the subject:

https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/

If you need assistance adding SSL/HTTPS to you website please open a support ticket.