Infrastructure built to mitigate security threats

VIP’s infrastructure is designed to mitigate security threats and manage vulnerabilities at the platform level.

  • Security monitoring: Safeguards against attacks include monitoring of traffic pattern anomalies and spikes, and controlled responses to suspicious traffic patterns. Brute-force protections are built in at the network level; they monitor for unnatural behavior and dynamically apply restrictions.
  • Data center security: End-to-end encryption from data centers at the edge to origin, resource and data isolation, and encrypted off-site backups. VIP origin data centers meet the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001 certification and Statement on Standards for Attestation Engagements (SSAE) No. 18 SOC 2 Type 2.
  • Database protection: Databases for every application are containerized in a separate infrastructure, each with its own unique authentication. This mitigates the risk of unauthorized access between applications. Production database backups are taken each hour and maintained for 30 days. They are stored in an encrypted format to ensure data continuity while maintaining security.
  • Firewalls: Network and host-based firewalls are built into the platform with real-time notification processes designed to prevent unauthorized access attempts.
  • Security patch management: The VIP team promptly deploys security patches and other protections to mitigate critical vulnerabilities for software that runs on the platform such as WordPress, PHP, and Node.js.

Whole-site HTTPS is enforced for all sites on the platform, and an installed TLS certificate is required for a site to be launched and publicly accessible. Let’s Encrypt TLS certificates are available for all domains by default. Customers have the option to install custom TLS certificates for their domains.

Reduced attack surface

VIP’s infrastructure has reduced attack surfaces that help to protect applications against many common forms of attack.

  • All web containers run in read-only mode. A read-only web container disallows plugins, themes, and other code from having write permissions. While this can occasionally cause plugin incompatibilities, it protects against vulnerabilities such as installation of backdoor shells and other malicious files.
  • The code deployed to an environment’s read-only web containers can only be modified by GitHub users given write-access to an application’s wpcomvip GitHub repository. The customer governs user access to an application’s GitHub repository. Read, Write, or Admin permissions are selectively assigned to users at the customer’s discretion.
  • Media files are stored in a separate, globally distributed object store called the VIP File System. Files within the /wp-content/uploads path are not located in a web container’s filesystem. It is possible to programmatically write a file to the /tmp directory of a web container or within the mapped /wp-content/uploads path on the VIP File System. Files that are written to either of those directories cannot be executed (for example, as PHP).
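
Because /tmp and the mapped /wp-content/uploads path are the only writable locations described above, plugin or theme code that writes anywhere else will fail on a read-only web container. The following is an added example, not WPVIP's own tooling: a line-based heuristic that flags PHP file-write calls whose target is not derived from one of those two locations. The function names, the list of PHP built-ins checked, and the sample input are assumptions made for illustration; multi-line calls are not handled.

```python
import re

# Writable locations named on this page: /tmp and the mapped uploads path.
SAFE_MARKERS = ("/tmp", "get_temp_dir(", "wp_upload_dir(", "wp-content/uploads")
# PHP built-ins that create, change or delete a file; value = index of the target argument.
WRITE_CALLS = {"file_put_contents": 0, "fopen": 0, "mkdir": 0, "touch": 0,
               "unlink": 0, "copy": 1, "rename": 1, "move_uploaded_file": 1}
CALL = re.compile(r"\b(%s)\s*\((.*)" % "|".join(WRITE_CALLS))

def split_args(text):
    """Split a call's argument text on top-level commas, stopping at its closing paren."""
    depth, args = 0, [""]
    for char in text:
        depth += (char in "([") - (char in ")]")
        if depth < 0:
            break
        if char == "," and depth == 0:
            args.append("")
        else:
            args[-1] += char
    return args

def is_safe(expr, safe_vars):
    """True if expr names a writable location or a variable derived from one."""
    names = set(re.findall(r"\$\w+", expr))
    return any(marker in expr for marker in SAFE_MARKERS) or bool(names & safe_vars)

def find_unsafe_writes(php_source):
    """Return (line_number, function) for writes not aimed at a writable path."""
    safe_vars, findings = set(), []
    for number, line in enumerate(php_source.splitlines(), start=1):
        assigned = re.match(r"\s*(\$\w+)\s*=\s*(.+)", line)
        if assigned and is_safe(assigned.group(2), safe_vars):
            safe_vars.add(assigned.group(1))  # remember variables built from safe paths
        call = CALL.search(line)
        if not call:
            continue
        function, args = call.group(1), split_args(call.group(2))
        if function == "fopen" and re.fullmatch(r"\s*['\"]r[bt]?['\"]\s*", "".join(args[1:2])):
            continue  # read-only opens work on a read-only container
        if not is_safe("".join(args[WRITE_CALLS[function]:][:1]), safe_vars):
            findings.append((number, function))
    return findings

# Constructed sample plugin code (not from the page).
SAMPLE = """<?php
$report = wp_upload_dir()['basedir'] . '/out.csv';
file_put_contents($report, $csv);
copy($report, ABSPATH . 'backup.csv');
"""
```

Running `find_unsafe_writes` over a plugin's source before deployment gives a review list of likely incompatibilities; each hit still needs a manual look, since the check does not parse PHP.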

Enhanced security for WordPress applications

The popularity of WordPress as a content management system (CMS) often makes it a target for security threats. However, development of WordPress Core follows strict security standards, and multiple layers of security protocols are built in to the WordPress VIP infrastructure to strengthen protections for WordPress applications against many forms of security threats.

  • At the network level, dynamic security protocols are in place that can be triggered by unusual behavioral patterns. These protocols protect against unauthorized access to, and abuse of, the login endpoint (/wp-login.php) and the XML-RPC endpoint (/xmlrpc.php). An automated attack would trigger VIP’s dynamic security measures, and login attempts would be completely blocked.
  • The functionality of the WP Cron endpoint (/wp-cron.php) is disabled for all WordPress sites. Cron control on WPVIP is initiated and regulated by Automattic’s Cron Control plugin.
  • Security releases for parts of the software stack on WordPress applications (e.g., WordPress Core and VIP MU plugins) are automatically deployed to all environments on the platform as quickly as possible.

WPVIP features for WordPress security management

Every WordPress application has access to custom features built by WPVIP for managing and heightening the security of WordPress sites on the platform.

Compliance

Last updated: August 20, 2025

Relevant to

  • Node.js
  • WordPress