Is Your Website Protected? 10 Questions to Ask Your Hosting Provider
It doesn’t matter if you manage an agency, an eCommerce store, or the digital properties for a global enterprise—protecting your website is a business imperative.
That’s because the risks that come with an unprotected website, like data breaches and downtime, extend far beyond the site itself. An unprotected website has the potential to impact your entire business, from exposing sensitive data and eroding customer trust to damaging your brand’s reputation and causing significant financial harm.
One way to protect your site(s) is by choosing the right hosting provider, which is not only important for website security but also critical for the long-term success of your business.
But how do you know if your provider has your back?
Here are 10 questions you should ask to ensure your website is well-protected:
1. How do you manage software updates?
Regular software updates are at the core of a well-protected website. Outdated software is a common entry point for hackers, and keeping your software up-to-date is one of the best ways you can safeguard your site against threats.
To help you with this, your hosting provider should offer automatic updates for server software, including the operating system, control panel, and any installed applications like WordPress. They should also notify you of available software updates and allow you to opt in to automatic updates if you so choose.
For WordPress sites specifically, it’s critical that your hosting provider supports automatic updates for WordPress core, themes, and plugins.
Outdated versions of these components are responsible for more than half of all WordPress vulnerabilities, and ensuring they remain regularly updated can significantly reduce the risk of your site being compromised.
At WP Engine, our customers can opt in to automatic WordPress core updates or defer them, and we offer support for new (and existing) versions of PHP.
Our teams also thoroughly test and “approve” WordPress, PHP, and MySQL updates before we push them to customers, offering another layer of security and effort you don’t have to spend time on (or hire for)!
Last but not least, WP Engine offers customers Smart Plugin Manager, which can automatically run plugin and theme updates, check for site impact, and roll back updates if issues are detected to keep your site secure without manual intervention.
2. Do you have a firewall?
A firewall is your first line of defense against malicious attacks. These systems monitor and control incoming and outgoing network traffic based on predetermined security rules.
Today, most hosting providers offer firewall protection, although the quality and effectiveness of these solutions can vary.
More comprehensive providers, including WP Engine, offer both basic and advanced firewall protection, including web application firewalls (WAF), which can block malicious traffic before it reaches your site.
WP Engine’s Global Edge Security, which is integrated with Cloudflare, offers preset firewall rules and DDoS protection to ensure your site remains protected from malicious traffic and common vulnerabilities such as SQL injections and cross-site scripting (XSS) attacks.
3. What is your security policy? Are you SOC-2 compliant?
While it’s important to insist on specific security solutions, such as firewall protection, it’s also essential to have a broader understanding of your provider’s security policy and any certifications they might have.
A comprehensive security policy ensures your hosting provider follows industry best practices to protect your site.
Standard security policies often cover various aspects of your provider’s security posture, including data protection, regular testing and audits, as well as vulnerability assessments.
Additionally, some providers enhance their security policies with third-party certifications and audits, such as SOC-2 certification, which is a strong indicator that a hosting provider adheres to strict protocols for safeguarding customer data.
WP Engine is SOC-2 compliant and meets the standards for Security and Availability Trust Services Categories. We’re also ISO 27001-2013 certified, meeting the requirements for “establishing, implementing, maintaining, and continually improving an information security management system” as laid out by the International Organization for Standardization (ISO).
By opting for a hosting provider with a clear and comprehensive security policy and relevant certifications, you can be confident that your site is protected against potential threats.
4. How do you handle sensitive customer data?
Protecting sensitive customer data is paramount for maintaining customer trust and complying with privacy regulations.
While SOC-2 compliance is a strong indicator of a provider’s data protection practices, you should clarify the security measures your hosting provider has implemented to ensure data protection.
This includes using encryption for data at rest and in transit, ensuring that sensitive information stored on servers and transmitted over the internet is secured against unauthorized access.
WP Engine, for example, ensures secure handling of sensitive data and supports compliance with major regulations such as GDPR and PCI-DSS. This includes offering secure payment gateways and form submissions for WordPress sites, ensuring that customer information is protected and regulatory requirements are met.
5. How often do you perform backups?
Regular backups are essential for ensuring the integrity and continuity of your website.
Having a reliable backup can prevent significant disruptions in the event of data loss, hacking, or another disaster recovery scenario.
While this applies to any type of website, it’s especially true for eCommerce sites, which risk losing orders, payment information, and customer data without regular, robust backups. The same is true for media sites, membership platforms, and other websites that rely heavily on customer data and a regular cadence of new content.
Ask your hosting provider if they perform daily backups, which ensure the preservation of your site’s most recent changes and updates.
You should also ask your provider how long they retain these backups. Keeping backups for at least 30 days offers extended protection, providing you with multiple restore points to choose from if an issue goes unnoticed for several days.
WP Engine performs automated nightly backups and offers on-demand backups before significant updates or changes. We also support full-site backups for WordPress sites, including the database, themes, plugins, and media files.
6. What kind of server reliability and uptime guarantee do you offer?
While downtime can lead to a loss of revenue and customer trust, high server reliability and uptime ensure your site is always available to visitors.
Your hosting provider should offer at least 99.9% uptime, supported by a Service Level Agreement (SLA).
For example, WP Engine offers a 99.95% uptime guarantee per our SLA, as well as a 99.99% uptime guarantee for sites with high availability requirements. Additionally, WP Engine works directly with customers to meet their reliability and uptime needs.
For example, during high-traffic events like the Super Bowl or Black Friday, WP Engine works with customers to preemptively scale and monitor servers, ensuring their sites remain reliable, with optimal performance.
7. Who’s accountable for what in the event of an outage?
Understanding your hosting provider’s accountability in case of an outage helps you manage risks and set expectations.
In addition to an uptime guarantee backed by an SLA, as noted above, your hosting provider should also clearly outline its responsibilities in the event of an outage or other type of downtime, including compensation and support measures.
In addition to knowing what your provider is accountable for, make sure you understand what you’re still responsible for if an outage does occur.
It’s important to clarify all of these details with your hosting provider so you can better understand—and be better prepared for—the risks you might face in the event of an outage.
8. Do you offer dedicated servers for more security or concise needs?
Dedicated servers provide an additional layer of security and performance for your website.
Unlike shared hosting, where resources are distributed among multiple sites, dedicated servers allocate all resources to a single client, minimizing the risk of interference and improving reliability.
Dedicated servers are particularly beneficial for businesses with high-traffic websites, stringent security requirements, or specific compliance needs. They offer greater control over the server environment, allowing for customized security settings and performance optimizations.
Ask your hosting provider if they offer dedicated servers and how they manage these environments.
WP Engine provides dedicated server options that cater to your business’s unique needs. These options bolster security by isolating your site from others and reducing the risk of cross-site contamination.
We also offer tailored configurations to meet specific performance requirements and compliance standards. Additionally, dedicated servers often come with advanced monitoring and support, ensuring issues are promptly addressed to maintain optimal performance and security.
9. How easy is it to scale site resources up and down?
Your website needs may change over time, and your hosting provider should offer the flexibility to scale resources as needed.
This includes providing scalable solutions that allow you to upgrade or downgrade your hosting plan without significant downtime or data loss. A flexible hosting provider should enable seamless transitions between different levels of service, ensuring your website can handle varying levels of traffic and demand.
This scalability is crucial for businesses experiencing growth or seasonal spikes in traffic, preventing potential slowdowns or crashes.
WP Engine exemplifies this flexibility by working with clients to load test and scale their websites during critical times. This proactive approach ensures WordPress sites can accommodate increased demand without compromising performance.
10. How responsive is your customer service and tech support?
Responsive customer service and technical support are crucial when you encounter issues that need immediate attention.
Your hosting provider should offer 24/7 customer support through multiple channels, including phone, email, and live chat.
WP Engine provides around-the-clock, award-winning support from WordPress experts who can address questions promptly and assist with WordPress-specific issues to ensure your site remains secure and highly functional.
This level of dedicated support helps resolve problems quickly and efficiently, minimizing downtime and maintaining your website’s smooth operation.
Protect your WordPress sites with confidence
Choosing a hosting provider that prioritizes website protection is essential for the security and success of your business.
By asking the questions listed above, you can ensure your hosting provider has the necessary measures in place to keep your site safe from threats.
Remember, a secure website not only protects your data but also builds trust with your visitors and customers.