As a managed provider, we care deeply about our customers' security. On the 25th of September, we'll be introducing a new security measure to help keep your server safe.
Many of our customers use WordPress to power their websites. We'll be adding built-in rate-limiting of logins and xmlrpc requests to all our managed servers. What that means is hackers or bad bots will be temporarily blocked from your server if they:
- Try to log in an unreasonable number of times
- Try to send an unreasonable number of requests to xmlrpc.php
If you don't use WordPress, you probably won't benefit from this particular improvement. If you do, your site is becoming a little more secure. You don't need to take any action for this, and the new rate limiting should never get in your way if you are a human being.
We've tested the new rate limiting to make sure it's stable, but if you'd still prefer to opt your server out of it, please create a file on your server called /etc/csf/regex.optout, or contact our support department, and ask them to do this for you. If you simply don't use WordPress, you don't need to opt out.
For full technical details, these changes will be made:
- Your /etc/csf/regex.custom.pm file will be overwritten: you'll still be able to find your old one at /etc/csf/regex.custom.pm.old if you need it
- Your CUSTOM9_LOG variable in /etc/csf/csf.conf will be changed
If you have any questions, please don't hesitate to get in touch with us.
Friday, September 20, 2019