ETC Maryland has services for those who want fully managed hosting to if you want to do nearly everything yourself.
Let’s go through the points Wordfence raises:
- Backups. We do two backups per day. One is at noon and is on another server in the datacenter. The second at midnight is sent offsite. That offsite backup is then also sent to a cloud vendor for full DR for both the datacenter version and the offsite version. The archive is 14 days..and all backups are full backups. All accounts are automatically backed up with this backup system.
- Account Protection. All accounts are hand setup with extremely complex passwords. 2/MFA is being worked on. right now I want 2FA to be easy to use and actually secure. The implementations I have seen are neither of these.
- Account isolation. All accounts are isolated from each other. If one account gets compromised..the chances of that malware to get loose inside the rest of the server is as small as possible. ETC Maryland has not had one site be able to infect others at this time.
- UP to Date and patched servers: ETC Maryland current run Ubuntu 20.04 LTS. Patch checks are run daily. Security patches get applied daily. Other patches get applies weekly.
- Database Protection: The root password for the sql server is salted, and encrypted and NOT available to clients. The DB server is also not exposed to the internet. PHPMyAdmin is not used to manage the sql database server at the root level. Clients only have access to their databases. New clients have their account DB passwords generated by a random generator.
- Monitoring and logging: Clients have access to their accounts Apache logs. You also have access to awstats traffic logs. Lower level system logs are reserved for ETC Maryland. Logs are not accessible to the internet as a whole.
- Configuration defaults and flexibility. PHP Lmits are 128 Meg file size and upload. Scripts have a max execution/parsing time of 300 seconds.
- Network firewalls: The DC ETC Maryland is housed in has a DDOS protection system. If there is a DDOS it usually taken care of within minutes.
- Staging environment. ETC Maryland does not provide a staging area for websites.
- Email security: ETC Maryland does not provide email services. ETC Maryland recommends either Google or Office365 for email services.
- HTTPS certificates. ETC Maryland provides basic HTTPS for no additional cost. You do not have to pay any additional fees for HTTPS at ETC Maryland.