luroConnect takes a holistic view of security, which leads us to a multi-layered security principle. Its components are:
- Web Application Firewall – built into our nginx, the WAF filters traffic after examining its content. SQL injection and other injection attacks are best blocked here. However, a WAF needs tuning on a per-site basis to reduce false positives. luroConnect includes custom rulesets tuned for each website by our WAF experts.
- Rate limit and IP address blacklisting.
- Bot blocker – filtered using the HTTP User-Agent field.
- Periodic admin user role and password change reminder
- Blocking IP based on failed admin login attempts
- Protecting admin login with HTTP password
- File system security
- Ensuring uploaded malware is never executed
- Code deployment security
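
As an added illustration (not luroConnect's own configuration), this is how several of the layers above can be expressed in plain nginx: rate limiting, an IP blacklist entry, User-Agent bot filtering, an HTTP password on the admin login, and refusing to execute uploaded scripts. The host name, paths, zone name, rates and bot patterns are assumptions; WAF rulesets and blocking on failed logins need components beyond this fragment and are not shown.

```nginx
# Added illustration, not luroConnect's configuration. Host name, paths, zone
# name, rates and bot patterns are assumed placeholders. The first two
# directives live in the http {} context.

# Rate limit: per-client-IP budget applied to the admin area below.
limit_req_zone $binary_remote_addr zone=admin_zone:10m rate=30r/m;

# Bot blocker on the User-Agent header. The header is client-supplied, so
# this only stops crawlers that identify themselves honestly.
map $http_user_agent $blocked_bot {
    default           0;
    ""                1;   # no User-Agent at all
    ~*examplebot      1;   # constructed sample pattern
    ~*samplescraper   1;   # constructed sample pattern
}

server {
    listen 80;
    server_name shop.example.com;
    root /var/www/shop/pub;

    deny 192.0.2.10;                     # IP blacklist entry (documentation range)
    if ($blocked_bot) { return 403; }

    # Admin login behind an HTTP password plus the rate limit. "^~" stops
    # regex matching, so every /admin request is handled in this block.
    location ^~ /admin {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/admin.htpasswd;
        limit_req            zone=admin_zone burst=5 nodelay;
        limit_req_status     429;
        include              fastcgi_params;
        fastcgi_param        SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass         unix:/run/php/php-fpm.sock;
    }

    # Uploaded files are never executed: script extensions under upload
    # directories get 403. Must appear before the generic PHP block because
    # regex locations are tried in order.
    location ~* ^/(media|wp-content/uploads)/.*\.(php|phtml|phar)$ {
        return 403;
    }

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;
    }
}
```
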
luroConnect understands that a backup is useless until it has been tested for restore. Our disaster recovery plan gives access to the disaster recovery server at all times. With a max of 20 minutes behind the live data and the ability to scale up servers in 15 minutes should the need arise, it is a must-have for all production servers. Read more about our DR Plan here.
We routinely blog about security in Magento and WordPress.