Meet the SiteforLess Cloud Infrastructure

This is Managed WordPress Hosting at it's Best: Robust, Secure, Fast, U.S. Based...

At SiteforLess, we strive toward 100% uptime on all of our managed WordPress services for our clients while offering robust security and protections designed to keep our systems running around the clock.

 

We host and manage all of our solutions within this environment so that we can offer our clients the best possible performance and security.

Managed DNS and CDN

Maximizing security and throughput at the edge of the Internet

Because we are a full-service managed WordPress solution provider, we handle our client DNS records on their behalf. Our anycast DNS infrastructure is global in scale and designed to maximize throughput closest to where the request originates.

Comprised of over 23 data centers around the world, this robust system helps to protect against DDOS attacks and enhances speed.

dns cdn - Cloud Hosting Infrastructure

This system also serves as a content distribution network. While others charge extra for this service, with SiteforLess it is fully integrated into our offering. Our CDN automatically caches your website and delivers requested content directly to visitors. This reduces requests by 55% and bandwidth by 40%. Should your website ever see a huge spike in legitimate traffic, our infrastructure automatically scales right at the content distribution network to help handle the workload.

Proudly Co-Located At TierPoint

A Leading Data Center Infrastructure Specialist

Our cloud-based hosting environment runs from within a dedicated system co-located with TierPoint, an industry-leading data center specialist with an eye on supporting mission-critical demands. TierPoint’s massive data center footprint offers our environment unprecedented growth capabilities while also supplying potent access to the backbone of the Internet.

tierpoint map 11 21 - Cloud Hosting Infrastructure

Our data centers meet the strictest compliance guidelines and have both physical and environmental security in place to prevent interference with our premises.  We also have an access control layer to ensure only approved users are granted access to appropriate systems and resources.

Enterprise Cloud
Our cloud offers High Availability, Availability Zones, Auto-Scaling, and Load Balancing.

Enterprise Storage
We leverage redundant, high-performance, distributed SSD SANs that are tuned for speed and reliability.

Enterprise Connectivity
All of our connections are kept at a low utilization to allow high bursting and resistance to denial of service (DoS) attacks.

Smart Routing & Proactive Management
The network makes use of InterNAP Flow Control Platform (FCP) intelligent BGP to provide smart routing across the global internet. FCP adaptive networking software provides adaptive management for network infrastructure.

Gigabit Connectivity to Multiple Carriers
Our datacenters all feature multiple gigabits of connectivity to multiple “Tier 1” backbones to handle even the most demanding needs.
We currently connect with Telia, Level 3, Cogent, Suddenlink, and NTT.

True Redundant Network
Built-in redundancy through multiple redundant network connections and redundant routers.

A+B Power
With A+B power you have 2 power feeds fed by 2 separate UPSs (battery backup), 2 separate generators, and 2 separate utility feeds. We use the A+B feeds for all equipment — network switches, compute nodes, and storage nodes.

In addition, we ensure the following with our managed WordPress environment:

  • Department of Defense server access protocols including multi-factor authentication protocols.
  • Secure and Compliant Forms (GLBA, HIPAA, E&O) with optional End-to-End encrypted direct Email delivery of information.
  • Real-time encryption of stored form data at the field level.
  • 7-year Compliance Archiving of Live Chat Conversations.

SiteforLess WatchDog™ 7-Layer Security

The Most Comprehensive Managed WordPress Security System Available Today

SiteforLess WatchDog™ works hard to protect your site from attacks by unauthorized visitors.  While no system is impenetrable, we pro-actively work on your behalf to protect your site from malicious behavior and hacking attempts.  The SiteforLess WatchDog™ works behind the scenes in a transparent manner. There is zero noticeable impact on page serving speeds.

System Management

The best practice for preventing attacks is to have a managed system where security patches are applied on a regular basis and core platform systems are updated regularly.  (These include servers, WordPress, Themes, and Plugins.) Part of our Managed Hosting Solution includes keeping all of these core files up-to-date without your needing to lift a finger.

Data Center Security

All data centers utilized by SiteforLess are required to pass a series of critical audits to ensure compliance with critical regulations including HIPAA/HITECH, GLBA, PCI-DSS v3.2, and ITAR.  All Email services are co-located with Rackspace.  All other services are co-located with TierPoint.

Firewalls & Security Layers

We use multiple distinct firewalls and security systems at various stages of access to our environment. We offer protection against ICMP, SYN, and UDP flood attacks and basic DOS packet floods. Each security layer is specifically tuned to accomplish specific goals…

  • The first exists directly at the DNS layer and filters IP addresses with known bad behavior.
  • The second exists at the environment level and leverages Artificial Intelligence to further diminish attacks.
  • The third is a front-facing anti-malware system that constantly scans the cloud for potentital threats and eliminates them.
  • The fourth is an application firewall that stands in front of our WordPress cloud. This scans more than 300 additional attack vectors, including specific attacks designed to target WordPress.
  • The fifth is within WordPress itself. This monitors behaviors within WordPress itself and protects against internal attacks.
  • The sixth is designed to protect sites against comment spam from bots and automated systems.
  • The seventh is designed to protect user accounts.

Anti-Hacking

Most hackers try to break into sites for nothing more than bragging rights.  Others seek to do real economic damage.  We have identified the major types of hacking attempts and have worked to protect our system as much as possible from such attacks.

  1. Directory Traversal1 -a hacker’s attempt to expose proprietary information.
  2. SQL Injection1 -These attacks seek to obtain or modify information from databases in a way that the hosting environment doesn’t expect.
  3. Executable File Upload1 -These seek to upload executable files that will then allow an attacker to take control of your site.
  4. Field Truncation1 -An attempt to use whitespace characters to pass information that would otherwise not be permitted.
  5. Brute Force Password Attacks -Hacker’s use automated systems to try and guess passwords.  We suppress the error messages such systems rely upon thus complicating the password guessing process.  We also lockdown access to the login screen from IP addresses that have had too many failed login attempts in a row.  Our system administrators can unblock logins from a restricted IP address with permission from an authorized user.
  6. System Vulnerability Attacks -Hackers share the system vulnerabilities they find with other hackers.  As a result, hackers use scanners to seek out identical systems deployed using the same technology in an effort to apply the same hacking techniques across multiple deployed sites that may have identical vulnerabilities.  We mask the majority of details about our system and even include some false information as well.  This helps to confuse these automated systems.
  7. Design Vulnerability Attacks -Hackers often find ways to break sites by attacking the site’s core design files.  We employ a number of security measures to deny access to these files.  However, we also use an active scanning system that monitors for any potential corruption and alerts our staff immediately if anything suspicious has been detected.

NOTE:  System administrators are immediately notified if suspicious activity is detected and geolocation information is recorded for verification if suspicious activity is not from an expected IP address.

SSL Site Encryption

For all sites that are managed by our DNS system, we offer full SSL encrypted sessions for both the front-end of the site as well as back-end editor access.

Databases

To enhance performance and maximize flexibility, our system uses an SSD based data store. We actively monitor database security and use techniques to protect databases from intrusion.

All data submitted via forms is encrypted in real-time at the FIELD level with zero impact on site speed. Even if a hacking attempt was successful and the data was somehow downloaded, the information contained would be useless to hackers.

Traffic Blocking

SiteforLess is specifically designed to serve targeted markets including the U.S., Canada, the U.K., Ireland, Austrailia, and New Zealand. (Currently, we primarily serve the U.S.) We actively filter ALL OTHER traffic from across the globe. If an originating IP address is outside of our target markets, we immediately require additional levels of human verification to access our systems. In addition, the minute we detect inappropriate behavior (such as certain specific login attacks) we suspend access to our cloud from that originating IP.

In addition to overtly blocking traffic from certain countries, we actively participate in a special project that helps to block additional IP addresses associated with malicious behavior.  To date there are over 45,000,000 trap addresses participating in this project that monitor for bad behavior:

  • We protect against spam harvesters -so far about 79,369 have been identified.  A harvester is a computer program that surfs the internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists. Harvesters must connect to the Internet through an IP address.
  • We protect against Dictionary Attackers -so far about 9,967,011 have been identified.  In addition to harvesting, spammers also use a technique known as a dictionary attack in order to find new email addresses. A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered. Dictionary attackers typically send to common usernames.
  • We protect against known Comment Spammers -so far about 302,852 have been identified.  Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. The purpose of these links is both to drive traffic from humans clicking on the links, as well as to increase search engine rankings which are sometimes based on the number of links to a page.
  • We also protect against “Bad Search Engines” that actually have malicious intentions -about 303,000 have been identified.  In addition to denying access to malicious search engines, we also utilize an aggressive set of robots rules that help to filter out questionable search activities performed by lesser known search engines which seem to be associated with content scraping, etc.

 

Users

  • Administration:  We provide several standard classes of users -from Administrators to Authors to Subscribers -and a few extra in-between.  This affords our customers significant flexibility in controlling who has access to what within your site’s infrastructure.  In addition, if our standard settings aren’t appropriate for your circumstances -the security settings can be defined even more tightly for each user class.
  • Passwords:  We enforce a password policy requiring passwords to be of a minimum size.  In addition, our system analyzes passwords at the moment of creation and provides you with a report on the password’s strength.

 

Pin It on Pinterest