Web Hosting / SiteGround

Why You Need SiteGround's Monthly Security Report

Feb 07, 2023
7 min read
SiteGround Monthly Security Report

As a website owner, keeping your website secure and protected from potential threats and attacks is crucial. With so many elements to consider, it can take time to keep track of the security measures you have in place and to identify any potential weaknesses.

SiteGround has made this easier for you with its Monthly Security Reports. With just a simple sign-up, you’ll receive a comprehensive and actionable report each month that covers all aspects of your website’s security, including:

  • Malware protection
  • SSL certificates
  • Software exploits
  • Brute force attacks
  • And more

Get peace of mind knowing that SiteGround is working to protect your website. Use the Monthly Security Reports as your go-to resource for staying on top of your website’s security status.

Each report includes:

  • A total site security score
  • Breakdown score for each security check
  • Actionable tips if some area needs your attention

Receive all this information and more straight to your inbox. With SiteGround’s Monthly Security Reports, you’ll have a digestible summary of your website’s security status at your fingertips.

This article will look at how to sign up for SiteGround’s Monthly Security Reports. Then, we’ll take a look at what they look like.

Let’s get started.

How to Sign Up for SiteGround’s Monthly Security Reports

And that’s it! You’re now signed up to receive SiteGround’s Monthly Security Reports.

What are SiteGround’s Monthly Security Reports?

Now that we have enabled SiteGround’s Monthly Security Reports, you should expect to receive your first report after 30 days have elapsed, between the 1st and 10th of each month.

Let’s take a look at what they look like and what’s in them in more detail.

First, you’ll receive an email with the subject line: SiteGround Monthly Security Report for [your domain name].

At the top of the email, you’ll see a summary of your website’s security status. This includes a total score out of 101, a percentage score, and a percentage change over the previous month.

SiteGround Monthly Security Report: Monthly Security Score

The total score is based on the following:

  • Active site security incidents
  • Malware detection and prevention
  • Security of visitors’ connection to your site
  • Brute force and malicious traffic prevention
  • Software vulnerabilities exploit prevention
  • Data redundancy and failover
  • PHP security
  • Account login security
  • WordPress Application Security

Let’s take a look at each of these in more detail.

Active Site Security Incidents

This section shows you the number of active security incidents on your website. These are issues that SiteGround has detected and is currently working to resolve.

SiteGround Monthly Security Report: Active Site Security Incidents

Malware Detection and Prevention

This section shows you the number of malware files SiteGround detected on your website. It also shows you the number of malware files that have been removed.

However, you must sign up for SiteGround’s Site Scanner to get this information. In the absence of this, you’ll see a message that says: You have no active malware detection service at the moment.

In addition, you’ll receive zero points for this section of the report.

We have written a detailed article on SiteGround’s Site Scanner that goes into detail on what it is and whether it’s worth it.

As the site subject to this report is still in development, we have not signed up for SiteGround’s Site Scanner. Therefore, we have not received any malware detection information, as shown in the screenshot below.

SiteGround Monthly Security Report: Malware Detection and Prevention

Security of Visitors’ Connection to Your Site

This section shows you whether there is an active SSL certificate on your website.

It also recommends using SiteGround’s HTTPS Enforce Tool to ensure that all traffic to your website is encrypted. The following tutorials will help you do this:

Here is a screenshot of the section in the report:

SiteGround Monthly Security Report: Security of Visitors' Connection to Your Site

Brute Force and Malicious Traffic Prevention

This section shows you the number of IP addresses blocked or marked as suspicious by SiteGround’s in-house brute force prevention system.

If an IP has been marked as suspicious, they will have to solve a CAPTCHA before they can access your website.

In our report, 195k IPs were blocked, and 181k IPs were marked as suspicious, as shown below:

SiteGround Monthly Security Report: Security of Visitors' Connection to Your Site

Software Vulnerabilities Exploit Prevention

This section shows you the number of times SiteGround’s Web Application Firewall (WAF) has blocked an attack on your website.

In our case, despite being a new site in development, a total of 128 attacks were mitigated.

SiteGround Monthly Security Report: Software Vulnerabilities Exploit Prevention

Data Redundancy and Failover

This section shows you the number of available website backups should you need to restore your website. In addition, you can see the amount of backup storage space that is available.

As this report requires your site to be active for at least 30 days, you should see at least that many backups available. In our case, we have 32 backups available (as we have taken some on-demand backups), as shown below:

SiteGround Monthly Security Report: Data Redundancy and Failover

In addition to SiteGround’s backups, we recommend taking your own backups of your website. There are many WordPress plugins that can do this for you, or alternatively, you can back up your files and databases manually. The following articles will help you do this:

Obviously, you should only use these backups as a last resort, as they may not be as up-to-date as SiteGround’s backups. In addition, be careful not to use more than your allocated resource allowance, as this could result in your website being suspended. Taking backups can be resource intensive.

However, we highly recommend taking a backup at least once per month in case of an emergency. It has been known for users to let their hosting expire and not realize it for months, only to find out that the host has deleted all their data, including backups.

PHP Security

This section checks whether you are using SiteGround’s managed PHP version. By using SiteGround’s managed PHP version, you will receive automatic updates to the latest stable and secure version of PHP and security updates.

SiteGround Monthly Security Report: PHP Security

Account Login Security

This section checks if you have two-factor authentication enabled on your account. If you do not have two-factor authentication enabled, you should enable it as soon as possible.

As you can see, we have been very bad at enabling two-factor authentication on our SiteGround account. We will be enabling it as soon as possible. It shows how important it is to check your monthly security report.

SiteGround Monthly Security Report: Account Login Security

WordPress Application Security

This section checks the following security issues for your WordPress installation:

  • That WordPress core auto-updates are enabled
  • That WordPress plugins are fully updated
  • That WordPress themes are fully updated
  • That the SiteGround Security plugin is installed and activated

Note: This section only covers your main WordPress installation. If you have any other WordPress installations on your account, you will need to check them manually.

For this reason, SiteGround recommends you keep all installations added to their auto-updater and ensure their SiteGround Security plugin is installed and activated on all installations.

SiteGround Monthly Security Report: WordPress Security

Final Thoughts

The security of your website is of utmost importance, and SiteGround’s Monthly Security Report helps you stay on top of it.

You’ll also receive actionable tips and recommendations to help address any areas that need attention, ensuring that your website remains secure and protected.

The screenshots above show that even the most experienced webmaster can miss things (we have now activated two-factor authentication), and that’s why we recommend that you activate the Monthly Security Report today.