Secure WordPress hosting using account isolation – Why is it needed, and how to do it using OpenShift Origin
Studies show that 26.4% of the internet is powered by WordPress. That’s a big number, and welcome news to many WordPress design and hosting companies. However, this popularity has led to a steep increase in attacks on WordPress websites. Are WordPress hosting companies prepared to defend against attacks on such a large scale?
A case for secure WordPress hosting
In a previous post, we covered how to secure WordPress websites and hosting servers. A key takeaway from that post was to keep WordPress Core and plugins updated at all times. But in real life, this seldom happens.
Webmasters often maintain multiple websites, some rarely used and some actively used. Updates are usually applied to the actively used sites, while the others are left unpatched. This opens a window for attackers to upload malware onto the server.
In our server management services, malware infections are considered a tier 1 threat to server security. In many WordPress hosting servers, websites share the same network IP. If one site is infected, the malware can send out spam, or initiate outbound attacks, thereby disrupting business in all other sites. To prevent such business downtime, we scan the servers daily for vulnerable sites, apply patches, and keep the anti-malware firewalls updated.
Member of Executive Group, Bobcares
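The scan for unpatched sites mentioned above could look like the following. This is an added example, not Bobcares’ own tooling: it reads each account’s WordPress core version from wp-includes/version.php and also flags a wp-config.php that other local users can read, which is one way a compromise crosses accounts on a shared server. The `<account>/public_html` layout, the account names and the baseline version are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Assumption (not from the article): sites live at <hosting_root>/<account>/public_html.
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([0-9][0-9.]*)['"]""")

def parse_version(text):
    """Return $wp_version from version.php as a 3-int tuple, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None  # missing or non-release string (e.g. a beta): flag it
    parts = [int(p) for p in m.group(1).split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.5" -> (4, 5, 0)

def audit(hosting_root, baseline):
    """Report accounts with a core older than `baseline` or an exposed wp-config.php."""
    findings = []
    for account in sorted(os.listdir(hosting_root)):
        docroot = os.path.join(hosting_root, account, "public_html")
        version_file = os.path.join(docroot, "wp-includes", "version.php")
        if not os.path.isfile(version_file):
            continue  # no WordPress core in this docroot
        with open(version_file, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
        config = os.path.join(docroot, "wp-config.php")
        # 0o004 is the "other" read bit: any local account can read the DB credentials
        exposed = os.path.isfile(config) and bool(os.stat(config).st_mode & 0o004)
        outdated = version is None or version < baseline
        if outdated or exposed:
            findings.append({"account": account, "version": version,
                             "outdated": outdated, "config_world_readable": exposed})
    return findings

def build_sample_tree(root):
    """Constructed sample data: three made-up accounts, versions and file modes."""
    sites = {"alice": ("4.5.2", 0o600), "bob": ("4.2.1", 0o644), "carol": ("3.9", 0o640)}
    for account, (version, mode) in sites.items():
        docroot = os.path.join(root, account, "public_html")
        os.makedirs(os.path.join(docroot, "wp-includes"))
        with open(os.path.join(docroot, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)
        config = os.path.join(docroot, "wp-config.php")
        open(config, "w").close()
        os.chmod(config, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp, baseline=(4, 5, 2)))  # baseline is a constructed value
```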
Custom-configured anti-malware firewalls (such as ModSecurity and NAXSI) can block almost all malware infections, but they are not 100% foolproof. An attacker who has obtained the webmaster’s login details (through phishing, drive-by downloads, etc.) can easily access the website and inject malicious code into it.
So, it is important to have another layer of defense to protect websites from the ill effects of malware infection in a single account. This is where a security concept called “security by isolation” is useful.
Using account isolation for security
In a shared server, all customers share the same resources, network services, web server, mail server and database server. So, a malware infection in one account can potentially disrupt the business in all other accounts.
Now, what if we could put each account into its own silo? What if there were no sharing of resources or services among accounts? That is what is meant by “security by isolation”. The damage in one account is contained to that account; the others stay safe.
There are a couple of ways to achieve account isolation for WordPress hosting:
- Using Virtual Machines such as Xen, KVM, etc.
- Using container virtualization solutions such as OpenVZ, Docker, etc.
Account isolation using Virtual Machines
Getting a physical server for each customer would probably be the best way to ensure isolation, but that is a costly proposition. The next best way is to use Virtual Machines like Xen, KVM, or VMware. Each customer is given a fully isolated server environment, with an independent IP, services and operating system. There’s no way that malware in one account can affect the operations in another.
However, even this solution is still a bit too costly for an average WordPress webmaster. Virtual Machines are resource intensive, and only about 20 customers can be accommodated on a server with 16 GB RAM, a quad-core processor and a 250 GB HDD. This is a pretty low account density for 1 physical server.
For a WordPress hosting solution to be viable, servers should have better account density.
Isolation through container virtualization
In Virtual Machine systems such as Xen or KVM, resources are hard-limited per customer, and a full operating system runs out of a disk image. This severely limits how many VMs can run on a single physical server.
An alternative is to use container virtualization (aka OS virtualization) systems like OpenVZ or Docker. These systems use a single operating system to serve all the customers, but file system restrictions are used to effectively isolate each customer. Since there’s no heavy virtualization overhead, up to 5 times more server density can be achieved in comparison to Xen or KVM.
For all practical purposes of regular WordPress hosting, a container virtualization system will work fine. But if security is a prime concern for your hosting service, there’s a weakness you need to be aware of:
In container virtualization, all accounts share the same kernel. So if an attacker can run a kernel exploit, data on the whole server can be accessed.
So, this raises the question: is there a better way?