WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular.
The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance in the form of tutorials, troubleshooting, reviews and recommendations. You can even find a detailed review by WPBeginner on the actions they took to mitigate over 450,000 attacks in a three- month time period.
Set an Example
Syed Balkhi is the founder of WPBeginner, among many other successful digital ventures. As a role model for new WordPress users, he takes security and performance very seriously. Syed carefully chooses service providers to ensure that WPBeginner is always up and running for visitors around the world.
Monitoring functionality, speed, and availability while under attack is something Syed is prepared for:
We would get a lot of feed attacks, which is aggressive DDoS-style attacks where bots would hit our feed and scrape it. We would try to block the caches, but there were times we would get 10s of 1000s of people with requests coming from just one IP address trying to get feed access, trying to bust the cache. Anytime they were able to bust the cache, they could DDoS the site.
Security and Performance
Syed has been a user of Sucuri since the company’s inception. He uses the free Security WordPress plugin to maintain good visibility into what is going on within the WordPress install, and the Website Security Stack (WSS) for continuous monitoring and protection against external attacks. In addition to these technologies, they have also followed a number of the more common recommendations to include:
On top of that, we have password-protected our wp-admin directory, disabled PHP execution, changed the default WordPress database prefix, and basically followed every other security “hardening” trick.
While you can follow all the “prevention” best practices at the software “WordPress” level, the reality of the matter is that security has to be addressed at the hosting-server level and more importantly the DNS level.
Syed first tested the Sucuri Firewall in early 2015 against another one of his very popular sites – List25.com. Within the first few months, the Sucuri dashboard showed nearly 180,000 blocked malicious attempts.
From May-August 2015 the top 5 blocked attacks against List25.com were:
- Spam Comments, ~70,986 (39%);
- DDOS attempts, ~27,907 (15%);
- Bad Bot access, ~18,565 (10%);
- Brute Force attempts, ~15,047 (8%);
- Evasion attempts ~10,575 (5.8%).
Because of the success with List25, Syed decided to migrate all his external properties, including WPBeginner to the Sucuri environment. The greatest value he received was having peace of mind that it was one less thing his team would have to worry about.
The issues we’ve experienced in the past motivated this move. After I tested the Sucuri service on List25 and my personal site, I just committed to get additional sites added to my account.
In addition to the obvious benefit of avoiding hacks and uptime issues, WPBeginner also benefits from increased performance via Sucuri’s CDN.
For more information on how we provide website protection and performance visit our website and chat with our Customer Happiness team today.
If you would like to be featured as our next customer case study, click the button above and fill in the form at the bottom of the page.