Website Security (Magento & WordPress)

luroConnect’s approach to security is to take a holistic view. This leads us to a multi-layered security principle. Components of which are

  • Web Application Firewall – built into our nginx, WAF filters out traffic after examining its content. SQL and other injection can be best blocked here. However, WAF needs tuning on a per site basis – to reduce false positives. luroConnect includes custom rulesets tuned for each website by our WAF experts.
  • Rate limit and IP address blacklisting.
  • BOT blocker – filtered using the HTTP User Agent field.
  • Periodic admin user role and password change reminder
  • Blocking IP based on failed admin login attempts
  • Protecting admin login with HTTP password
  • File system security
  • Ensuring uploaded malware is never executed
  • Code deployment security

luroConnect understands a backup is useless until tested for restore. Our disaster recovery plan gives access to the disaster recovery server at all times. With a max of 20 minutes behind the live data and ability to scale up servers in 15 minutes should a need be, it is a must-have for all production servers. Read more about our DR Plan here.

We routinely blog about security in Magento and WordPress.

We can analyze your site for free

Schedule a call

Not happy with your website performance and want an expert to look at it?

  • We will analyze your site using public information.
  • We will ask you to give us a 1 day web server log file.
  • We will try to identify what steps if any you should take to improve your sites performance goals.