As a website owner, keeping your website secure and protected from potential threats and attacks is crucial. With so many elements to consider, it can take time to keep track of the security measures you have in place and to identify any potential weaknesses.
SiteGround has made this easier for you with its Monthly Security Reports. With just a simple sign-up, you’ll receive a comprehensive and actionable report each month that covers all aspects of your website’s security, including:
- Malware protection
- SSL certificates
- Software exploits
- Brute force attacks
- And more
Get peace of mind knowing that SiteGround is working to protect your website. Use the Monthly Security Reports as your go-to resource for staying on top of your website’s security status.
Each report includes:
- A total site security score
- Breakdown score for each security check
- Actionable tips if some area needs your attention
Receive all this information and more straight to your inbox. With SiteGround’s Monthly Security Reports, you’ll have a digestible summary of your website’s security status at your fingertips.
This article will look at how to sign up for SiteGround’s Monthly Security Reports. Then, we’ll take a look at what they look like.
Let’s get started.
How to Sign Up for SiteGround’s Monthly Security Reports
The first step is to log into your SiteGround SiteGround client area.
You can find details on how to do this in the following articles:
Following these steps, you’ll be in SiteGround’s Client Area.
The next step is to go to your Notification Preferences page. This is where you can sign up for SiteGround’s Monthly Security Reports.
To do this, click on your profile icon in the top right corner of the page.
Then, click on the Notification Preferences link.
Click the edit icon next to the Monthly Security Reports option.
This will bring up a pop-up modal where you can edit your preferences in the next step.
In the modal, select the websites you want to receive the Monthly Security Reports for.
Then, click the “Confirm” button.
And that’s it! You’re now signed up to receive SiteGround’s Monthly Security Reports.
What are SiteGround’s Monthly Security Reports?
Now that we have enabled SiteGround’s Monthly Security Reports, you should expect to receive your first report after 30 days have elapsed, between the 1st and 10th of each month.
Let’s take a look at what they look like and what’s in them in more detail.
First, you’ll receive an email with the subject line: SiteGround Monthly Security Report for [your domain name].
At the top of the email, you’ll see a summary of your website’s security status. This includes a total score out of 101, a percentage score, and a percentage change over the previous month.
The total score is based on the following:
- Active site security incidents
- Malware detection and prevention
- Security of visitors’ connection to your site
- Brute force and malicious traffic prevention
- Software vulnerabilities exploit prevention
- Data redundancy and failover
- PHP security
- Account login security
- WordPress Application Security
Let’s take a look at each of these in more detail.
Active Site Security Incidents
This section shows you the number of active security incidents on your website. These are issues that SiteGround has detected and is currently working to resolve.
Malware Detection and Prevention
This section shows you the number of malware files SiteGround detected on your website. It also shows you the number of malware files that have been removed.
However, you must sign up for SiteGround’s Site Scanner to get this information. In the absence of this, you’ll see a message that says: You have no active malware detection service at the moment.
In addition, you’ll receive zero points for this section of the report.
We have written a detailed article on SiteGround’s Site Scanner that goes into detail on what it is and whether it’s worth it.
As the site subject to this report is still in development, we have not signed up for SiteGround’s Site Scanner. Therefore, we have not received any malware detection information, as shown in the screenshot below.
Security of Visitors’ Connection to Your Site
This section shows you whether there is an active SSL certificate on your website.
It also recommends using SiteGround’s HTTPS Enforce Tool to ensure that all traffic to your website is encrypted. The following tutorials will help you do this:
Here is a screenshot of the section in the report:
Brute Force and Malicious Traffic Prevention
This section shows you the number of IP addresses blocked or marked as suspicious by SiteGround’s in-house brute force prevention system.
If an IP has been marked as suspicious, they will have to solve a CAPTCHA before they can access your website.
In our report, 195k IPs were blocked, and 181k IPs were marked as suspicious, as shown below:
Software Vulnerabilities Exploit Prevention
This section shows you the number of times SiteGround’s Web Application Firewall (WAF) has blocked an attack on your website.
In our case, despite being a new site in development, a total of 128 attacks were mitigated.
Data Redundancy and Failover
This section shows you the number of available website backups should you need to restore your website. In addition, you can see the amount of backup storage space that is available.
As this report requires your site to be active for at least 30 days, you should see at least that many backups available. In our case, we have 32 backups available (as we have taken some on-demand backups), as shown below:
In addition to SiteGround’s backups, we recommend taking your own backups of your website. There are many WordPress plugins that can do this for you, or alternatively, you can back up your files and databases manually. The following articles will help you do this:
- How to download a backup of your website’s public folder
- How to download a backup of your website’s database
Obviously, you should only use these backups as a last resort, as they may not be as up-to-date as SiteGround’s backups. In addition, be careful not to use more than your allocated resource allowance, as this could result in your website being suspended. Taking backups can be resource intensive.
However, we highly recommend taking a backup at least once per month in case of an emergency. It has been known for users to let their hosting expire and not realize it for months, only to find out that the host has deleted all their data, including backups.
PHP Security
This section checks whether you are using SiteGround’s managed PHP version. By using SiteGround’s managed PHP version, you will receive automatic updates to the latest stable and secure version of PHP and security updates.
Account Login Security
This section checks if you have two-factor authentication enabled on your account. If you do not have two-factor authentication enabled, you should enable it as soon as possible.
As you can see, we have been very bad at enabling two-factor authentication on our SiteGround account. We will be enabling it as soon as possible. It shows how important it is to check your monthly security report.
WordPress Application Security
This section checks the following security issues for your WordPress installation:
- That WordPress core auto-updates are enabled
- That WordPress plugins are fully updated
- That WordPress themes are fully updated
- That the SiteGround Security plugin is installed and activated
Note: This section only covers your main WordPress installation. If you have any other WordPress installations on your account, you will need to check them manually.
For this reason, SiteGround recommends you keep all installations added to their auto-updater and ensure their SiteGround Security plugin is installed and activated on all installations.
Final Thoughts
The security of your website is of utmost importance, and SiteGround’s Monthly Security Report helps you stay on top of it.
You’ll also receive actionable tips and recommendations to help address any areas that need attention, ensuring that your website remains secure and protected.
The screenshots above show that even the most experienced webmaster can miss things (we have now activated two-factor authentication), and that’s why we recommend that you activate the Monthly Security Report today.