What is PressARMOR™? Robert RowleyNovember 8, 2016 The question “What is PressARMORâ¢?” comes up now and again here at Pagely, and this post aims to answer that question. PressARMORâ¢, in short, is a series of procedures we apply towards WordPress security on behalf of our customers. It is not, however, a magic bullet — vendors offering all-encompassing WordPress security solutions tend to be ignorant of the breadth of security risks.PressARMORâ¢ helps prevent and mitigate attacks using security best practices, like firewalls and patching, but we don’t limit our security practices to just software. PressARMORâ¢ also includes how we train staff, perform outreach and research new threats.Here’s a non-comprehensive list of where we focus our security efforts:Server SecurityBuilding WordPress on a secure platform is vital. Servers maintained by our staff are kept up to date with regular package updates, and in the event of major security flaws, we ensure that the applicable patches get applied across our network in a timely manner.Compliance PracticesRegulatory and compliance needs are important to many Pagely customers, and our security staff are here to help as proverbial ‘security concierges.’ We assist with scheduling scans (through third-party vendors,) reviewing the final report generated for any major issues and help with the remediation process.Mitigation and MonitoringPreventing successful site/server attacks is critical. Equally important: taking steps to monitor services in the event an attack was successful and went undetected. Our systems perform daily scans looking for evidence of intrusion. In the event a successful attack is reported, our security team performs an investigation, described below under Incident Response.Incident ResponseWe take steps to investigate every security incident identified or reported. The goal is to provide our customers with details on the attacker’s actions and recommended remediation steps. The investigations we perform not only help the site affected, but all sites we host. We use the knowledge of successful attacks to help improve site security for all of our customers.Employee TrainingSecurity concerns are not kept quiet or pushed off as someone else’s problem here at Pagely. Every team is involved and aware of security risks and each team member does their part.Community OutreachWe also understand that securing just your network is not the be all and end all of security. Giving back to the community and sharing security issues with others is key. As more sites are able to protect themselves from attacks and WordPress becomes a harder target to compromise, fewer attacks are likely to occur.EvolutionFinally, it’s important to note that PressARMORâ¢ is always evolving. Some features described above were not as well developed last year as they are today. By next year these features and functions will continue to develop and improve what we call “PressARMORâ¢”.The effort we have put into PressARMORâ¢ has been fruitful. Within the last few months our incident response program has provided us with important details on brute force attacks. Using that knowledge, we enacted new mitigation methods and have all but nullified this attack vector. You can read about it on the blog post “Wild West of Bots and Brute Force Attacks” – as well as where I made light of here: “One Rogue Plugin”Security does not end with us, though -it will always include you, our customer. This blog is part of our security outreach so please keep an eye for new posts about WordPress Security here on this blog. Check there as well for posts in the future which may detail further the current state of PressARMORâ¢.November 8, 2016 WordPress Security plugin security wordpress Author Robert Rowley I am the DIrector of Security and Privacy here at Pagely, I occasionally write on these matters as the affect Pagely customers and the WordPress community as a whole. Dabbles with Haikus.