Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Shared hosting is beneficial for small hobby sites and personal blogs, but businesses might find that shared hosting limits growth. To start out, however, many site owners begin with shared hosting until their business grows and makes enough to justify paying for virtual private servers or dedicated hosting. For web hosting providers, it’s critical that servers run at optimal speeds and don’t harbor any malware. Security can be complex when hundreds of site owners with little knowledge of performance tuning and cybersecurity install applications on the shared server. With the right tools, site owners and administrators can keep their servers running at peak performance and keep them secure from common exploits. Keep on reading to find the answers to the following questions:

For years, cybersecurity has been reactive - incidents were identified and remediated after discovery. But having a reactive strategy means that you often clean up after the damage has already been done. It only takes a few minutes for attackers to exfiltrate data, so a reactive strategy is no longer best practice due to the massive revenue loss after a breach. Instead, organizations should push towards a proactive approach to stop attackers before they can do any damage and steal data. The article covers the following topics:

Virtual Private Servers (VPS) give website owners more control of their site’s configurations and experience, so it’s no surprise that most website owners prefer it over standard shared hosting. Since customers have more control over server settings, VPS service is more challenging to secure. It’s still a virtual server connected to the network, so security for host administrators and customers should be a priority to protect data on the VPS instance and the host network. The articles covers the following topics related to Linux VPS security:

Ranking in search engine results is a valuable marketing tool for organizations, and losing this ranking can directly affect revenue. Search engines do what is best for their users, and one of those strategies is to remove hacked sites and those hosting malware. Google has its own scanner that detects hacked sites, but many site owners are unaware they’ve been hacked until they realize that they no longer receive search engine traffic to their sites. To help site owners fight threat actors and protect sites, shared hoster Create.com uses Imunify360 to detect, stop, and clean malicious content.

Stablepoint supports over 60,000 websites across 38 locations. The web hosting organization prides itself on a 5.0 Trustpilot rating based on customer reviews and satisfaction. Stablepoint optimizes their web servers for speed and reliability, but the company experienced issues with hacked sites on shared hosts. Malware exhausts server resources, so Stablepoint administrators spent enormous amounts of time identifying hacked sites, removing malware, and closing tickets to maintain performance.

Every web hosting provider offers site management solutions so that customers can customize their domain settings and manage their sites independently. DirectAdmin is one of the most popular tools on the market, similar to Plesk (discover Plesk security best practices) and cPanel (learn more about cPanel security). After deployment, server administrators and site owners should review configurations and follow cybersecurity best practices to protect sites from exploits and safeguard sensitive data. Although this guide does not reduce risk by 100%, following it will improve your cybersecurity posture and stop many common threats that could harm hosted sites. In this article, you will learn about DirectAdmin and discover DirectAdmin security best practices:

Interserver.net is a US-based web hosting company focused on quality service at an affordable price. To ensure customer satisfaction and to continue their gold-star reputation, Interserver.net turned to Imunify360 to detect, block, and clean malware directed at shared hosted websites. After Interserver.net installed Imunify360, the web host saw a considerable decrease in hacked sites and the benefit of reducing technician overhead necessary to clean customer sites. Keep on reading to learn the full story and also discover the post from Interserver.net side here.

Reactive security is no longer practical to stop attackers and leaves your organization vulnerable to data exfiltration that can persist for months. It only takes a few minutes for an attacker to compromise and exfiltrate data, and afterward, your organization is left to perform clean-up.

If  you don’t proactively catch threat actors, they could go undetected for months on your network, exfiltrating data silently until you finally contain the threat. An advanced persistent threat (APT) could maintain a presence on your network even when you think it’s contained. Any threat that compromises your system causes monetary loss, potential brand damage, and future legal issues. A better way of cleaning up after a compromise is to put up a better defense and implement proactive security that catches, blocks, and contains threats before they damage your systems. Imunify360 team created an article based on Igor Seletskiy's speech, the CEO of CloudLinux Inc., "Proact, not overreact", keep on reading to learn more about proactive cyber security and watch Igor's speech in the end.

Web host administrators are aware that performance is important for customer satisfaction, but what they don’t know is that performance degradation can be directly related to malware and exploited vulnerabilities on the server. Advanced threats can be difficult to detect, but web hosts must rely on website owners with leased space on the server to stop them. Imunify360 has helped numerous web hosters detect, block, and remediate threats across the entire shared server.

During the pandemic lockdowns, many businesses went from office work to an at-home workforce. Studies show that a huge uptick in cyber-attacks started in 2020 after pandemic lockdowns, which means that more attackers were scanning and searching for exploits on web servers. A web server with poor security controls, outdated software, misconfigurations, and overall lack of administration could be subject to numerous cyber-attacks and exploits.