WordPress-Optimized Hosting Services
- Ideal for average general information websites.
- Up to 25,000 visits/mo.
- 10 GB data storage.
- Annual SSL Certificate.
- Ideal for mid-level bandwidth websites such as small e-commerce and active general information websites
- Up to 75,000 visits/mo.
- 15 GB data storage.
- Annual SSL Certificate.
- Ideal for high bandwidth websites such as large e-commerce and highly active publication websites
- Up to 125,000 visits/mo.
- 25 GB data storage.
- Annual SSL Certificate.
- Custom hosting available.
All Plans Include
Annual SSL Certificate
Custom Domain Mapping
Clean IP Address
Un-Throttled Transfer Rates
What is 'Hosting'?
The discussion gets deeper with considerations of backups, version control, security hardening, intrusion detection, disaster preparedness, redundancy, server optimization and service availability. And there are a myriad of other fine details to consider, implement and maintain. Bottom line, all these considerations are important. They all impact your site’s performance and effect.
Why SEO Hosting?
What’s 'Unthrottled' Bandwidth?
What if I Need More Storage or a Higher Visitation Limit?
Can I have my Own Customer URL?
What’s a 'Clean IP' Address?
What’s an SSL Certificate?
What Kind of Security Monitoring Does SaaS Ventures Provide?
Strong security measures ensure your website is protected from exploits and running at peak performance. Understanding WP Engine security measures will give you freedom to develop and operate your website within the scope of our secured environment. This document is designed to give you an overview of these security measures and how they may effect your website.
DISK WRITE PROTECTION
Malicious code can embed itself into a website by writing to the file system. This occurs when a vulnerability leaves the door open for malicious injection from a theme or plugin. The WP Engine environment limits the processes that can write to your disk. So even if you’re using a theme or a plugin with a vulnerability, it’s extremely hard for them to be exploited.
DISK WRITE LIMITATIONS
By logging all attempts to write to your disk, we can identify both malicious and non-malicious code. If necessary, we’ll make additional site-by-site allowances for special cases. Should you require an allowance, please contact our support for review.Disk write privileges are limited to the following:
- If you’re logged into the WordPress Dashboard, you’re able to perform all standard functions. This includes writing posts & pages, editing themes, plugins & style sheets and activating & disabling plugins.
- CAPTCHA plugins and image editing plugins are allowed to write to disk.
- SFTP users can add, edit and delete files via a dedicated SFTP client.
DISK WRITE PRIVILEGES
Disk write privileges are blocked for the following:
- Generic PHP code and anything else in that process space that has not been given write privileges.
Some frequently used scripts are known to contain vulnerabilities. Our system scans the files structure to identify these vulnerabilities. Scripts that are insecure will be disallowed. And scripts with available updates will be automatically patched.
- TimThumb – Older versions of TimThumb are known to contain vulnerabilities. When our system scan identifies an older version, we automatically update the script. After the upgrade is complete, the system notifies you by email.
- Uploadify – Access to this script is blocked due to known security threats. To learn why, check out this blog post from our partners at Sucuri.
Some plugins expose a website to vulnerabilities. This is unintentional nearly all the time, but we still have to draw a line in the sand. Our system scanner searches for these plugins and automatically disables them. We also disable certain plugins for performance reasons. Our comprehensive list of disallowed plugins (along with reasons for banning them) is found here.
Do you provide a segregated environment (physically or logically) so each customer’s data is isolated and protected against any unauthorized access?
Dedicated server environments are particularly valuable for websites with high transaction volume. We happily support demanding WordPress sites.
We offer fully segregated hosting environments for all our customers.
Are backups kept?
Yes. Backups are maintained so each customer’s data is kept logically separate from other data. Full backups are stored as tarballs on Amazon S3. Customers do not have access.
Do you conduct or arrange in-house vulnerability scanning for all infrastructure, servers, databases and applications on at least a quarterly basis? Please describe how vulnerability scanning reports are used by your company and how remediation of vulnerabilities occurs.
We also contract with well-regarded security firms, including Sucuri, for auditing and remediation.
Reports are processed internally and remedied as fast as possible with the assistance of these firms. Any changes are reported on our public status blog, but only after we’ve made the changes to reduce the chance of exposure.