Every day we run a scan on all websites running on our Shared and WordPress hosting platform for common malware. We make use of commercial tools and systems to find all sorts of nasties.
You will get a detailed report of the scan in our control panel. This is what some other web hosts provider charge as a premium.
We will always send you an email alert if malware is discovered.
WordPress users also have another way to check for malware, through our WordPress Checksum Report in our WordPress Tools suite. This checks that your WordPress core matches the official WordPress repository.
SSL-TLS certificates continue to remain an fundamental part of data transfer and secure web browsing. Google even made it important that every website should have one. Our Partnership with Let’s Encrypt ensures that every site we host is a ‘https’ one.
Our SSLs are ‘wildcard’ certificates. This allows you to secure all your subdomains as well as your primary domain using one certificate. You will need to use our nameservers on your site to get a free ‘https’ certificate.
All emails and forwarders sent and received are subject to advanced antivirus and anti-spam protection.
We make use of 3 layers of inbound spam and virus scanning:
Sadly, a lot of security measures becomes ineffective if the password has been compromised. Which is why we provide the option to use 2-factor authentication for StackCP and SSH access.
2FA is a way to add an extra layer of security. Our 2FA uses TOTP apps, which provide you with a time-sensitive single-use code to enter as well your password. 2FA app providers include Google and Microsoft. The apps are run from your phone.
2FA is a way to add a secondary layer of security.
We also enforce another form of ‘2FA’: random security checks when payments are made. This requires you to call us and confirm additional security information provided by yourself when first signing-up.
Distributed denial of service (DDoS) attacks have become something that seems to be growing everyday on the web. Usually, if your shared hosting or virtual private server (VPS) is attacked, you do not have much of a choice than to wait for the attack to stop.
This is why we are covered with what we call 1 Tbps+ anti-DDoS protection. This enterprise-level protection protects you against most attacks. It only filters-out malicious traffic, so you can carry on working without noticing any interruption.
Another way to stop security breaches is to prevent criminals from getting access to the codes on your server. We have a feature called Web Application Firewall(WFA) to help protect software and data by blocking suspicious activity.
Web forms have also become a common way to attack websites by inserting malicious code because they need to allow information to pass from the user to the server on where the website is being hosted.
The WAF inspects every HTTP request for SQL injection, trojans, cross-site scripting, path traversal and many other types of attack. It performs each inspection in less than a millisecond.
Our security team regularly update our set of rules that filter-out malicious requests. This ruleset is made from commercially-available resources and custom rules written by the our security team.
All this goes on behind the scenes at Egac Web.
Cyber criminals have a common way of using ‘brute force’ to guess your website’s ‘admin’ password. They make use of applications that cycles through common and use trial and error to try to crack your credentials.
Our platform comes with a feature called StackProtect which monitors log-in attempts on your websites. It scans for potential ‘evil’ automated requests. When requests are detected, stackprotect deploys the use of Google’s reCAPTCHA tools and blocks those attempts when necessary.
This also stops our platform being slowed-down. It blocks up to six million requests – every day. Logins to our WordPress hosting platform are our most popular target, but StackProtect covers all common website logins.
