Seravo Plugin – Security
Our hosting is built specifically for WordPress, which allows us to focus our security measures on WordPress, so it's only natural that we included a security page in Seravo Plugin too. This page allows you to manage the different options related to security policies and keeping your site secure in general.
Some of our security measures are optional, and must be opted-in to by the site owner. This is because these measures might limit the functionality of the site, thus breaking some features if enabled blindly on every site. We still recommend enabling these on your site, even if we don't force you!
Most sites we host are able to use these extra security measures, but you should test that your site works after enabling any of these optional measures.
Recent Successful Logins
The recent successful logins postbox lists the most recent login attempts that successfully gained access to the site. The usernames seravo and seravotest are used by our staff, monitoring, and update systems. We automatically monitor, limit and prevent brute forcing attempts for all sites, which is why we don't list the unsuccessful login attempts here.
If you notice anything suspicious on this list, please contact our customer support immediately at firstname.lastname@example.org.
Removing unnecessary, exposed, and potentially dangerous files can be done with the help of our cruft files tool. It detects files such as exposed databases, text files, backups made by plugins, and unnecessary folders.
Here as an example, the tool has flagged a .sql database file that is sitting in the public webroot. This file is thus publicly exposed and could be a danger to the privacy and security of your users and site, depending on the data stored inside. The .sql file in this case is harmless and empty, but there have been cases where a database was left exposed after an export or import operation, which is why you should periodically use this tool to make sure everything's as it should be.
Please don't delete any files unless you're sure they are unnecessary.
Deactivated plugins should always be removed if you're not planning on activating them again soon. This tool will help you by listing unused, performance hindering, and otherwise foolish plugins.
A good example of plugins that can be safely removed is All-in-One WP Migration that we install by default to aid in migrating your site over to our service. After the site has been published, there's really no reason to keep the plugin around, so it should be deleted. The tool also checks if the active plugins have known issues or security vulnerabilities.