In the past month, our forensic analysts ran into two situations where we saw a significant number of site cleaning customers, all from the same hosting companies, all with the same malware. In both cases the sites were infected due to a hosting company security issue.

The following are questions we think your hosting company should be able to answer.

  • Are you running up-to-date versions of the following products: CPanel, Operating System, Caching Technology, PHP, phpMyAdmin and MySQL?
  • Are you completely isolating hosting accounts from each other? Or is it possible for one hosting account to read files in another account on the same server?
  • Are my server logs available and how long are they kept?
  • How are you backing up my site and how long are backups being retained?
  • Does my current hosting plan allow me to enable HTTPS?

We hope this post helped bring awareness to some of the hosting-related security issues that you need to stay on top of. Your hosting company plays a critical role in securing your website. Unfortunately not all of them are created equal, so make sure that yours is providing a strong security foundation for your WordPress website.