Performing website security checks manually can be an investment of valuable time, effort and money that most website owners can’t commit. With the monthly security reports, SiteGround will handle the heavy lifting for you, performing all necessary security checks and delivering user-friendly reports straight into your inbox.
Daniel Kanchev
About inbox, I did receive an email – NEW: Monthly Security Reports straight to your inbox – in early February 2023 inviting me to sign up for SiteGround’s free monthly security reports. I should[1] have known about these Monthly Security Reports, but I do not have the time to follow SiteGround’s blog anymore. Allow me to make amends.
On December 12, 2022, SiteGround published a post, “New Monthly Security Reports Now Available”, to explain the what, why, and how of this new security feature. Although this blog post has only 1 comment (at the time of this writing), I believe it deserves more attention; hence this post.
Here is how Daniel Kanchev, Director Product Development at SiteGround, describes them:
Each month we will perform automated security checks for your website covering malware protection, SSL certificates, software exploits, brute force attacks, and other security areas. Based on our checks, you’ll receive a digestible summary of the results – including a total site security score, breakdown score for each security check, and actionable tips if some area needs your attention.
He then listed the benefits of the Monthly Security Reports:
- Site security information in one place
- Easy to understand format
- Actionable advice when needed
- Confidence that your website is protected
If we have identified an area of your site security that may be improved, the report will include easy-to-follow instructions on what can be done.
Daniel Kanchev
The above benefit alone could have convinced me to sign up. However, chastened by my experience with SiteGround’s undertaking (e.g., SiteGround New Client Area and Site Tools), I was a little hesitant. In particular, reading that “you may easily monitor what we do on a regular basis to keep your website safe” reminded me of their webinar about their latest security innovations (see below).
Would this feature be nothing more than masked advertising (again), if only to show you how great SiteGround is, or worse, would the so-called actionable advice push you to buy SiteGround premium security features such as Site Scanner[2]? To get to the bottom of this, I checked their “Monthly Security Reports explained” article.
Just sign up and start receiving an actionable monthly report covering what SiteGround is doing to safeguard your site and highlighting security measures that you may have overlooked.
Knowledge base article
The aforementioned article does not explain much, actually:
- How to manage your reports subscription?
- How is your security score calculated?
- What security areas do we check?
Only the last was informative. Here are the security areas that are checked each month:
- Detected security incidents – Checks if your site currently has any security issues detected[3].
- Malware prevention – Checks if you are using all malware prevention options available[4].
- Malicious bot traffic protection – Checks how many malicious attempts have been mitigated by SiteGround’s brute force prevention system.
- Software vulnerabilities exploit prevention – Checks how many software vulnerabilities attacks were mitigated for your specific site by our smart WAF (web application firewall).
- Secure visitors’ connection to the site – Checks if you have an active SSL certificate issued for your site.
- Data redundancy and failover – Checks how many backups you have. Every day, SiteGround performs an automated backup of your website and the space used for backups is not counted toward your account’s space quota.
- PHP security – Checks if you are taking advantage of our managed PHP updates.
- Account login security – Checks if you’ve enabled 2FA for your SiteGround account.
- WordPress application security – Checks the overall security of your WordPress application – if you are using our managed update service, if you have outdated plugins and themes, and if you have activated our WordPress security plugin.
Except for the Detected security incidents – if it supersedes Site Scanner[3] – and the Malicious bot traffic protection, none of the features were of interest to me. As predicted, they were looking like nothing but a push to activate SiteGround’s existing (premium) tools. Granted, I could add Software vulnerabilities exploit prevention to my list of exceptions, but I am more curious about SiteGround’s brute force prevention system for the reasons outlined in the following post.
I was about to skip, but here is the catch:
Starting from next year we will gradually begin to proactively send the reports to all our clients.
In other words, signing up – or not – will not change anything. So, keeping with the below quote, I decided to sign up.
When you don’t decide, life decides for you.
Marty Rubin
The subscription process
To subscribe or unsubscribe from a security report for any of your sites go to your Client Area -> Notification Preferences and click the pencil icon next to Monthly Security Reports.
Believe it or not, but I struggled to find my Client Area > Notification Preferences. After checking every tab, I went back to the post in which I gave a quick tour of the New Client Area. Guess what? I could not find anything about Notification Preferences. I had to search the Knowledge Base to figure out the complete path: Client Area > Profile Icon > Notifications Preferences.
Anyway, once there I discovered that there were three types of email notifications:
- New Features and Company Related News
- Promotions and Special Offers
- Monthly Security Reports
The first two were already active, but the last was not.
I clicked on the pencil icon. Only my main site, namely cogitactive.com, was listed; my subdomain was not there. Does this mean that my blog will not be checked? After selecting the only option available and clicking on Confirm, I saw a brief little Success pop-up. That’s it. The pencil icon remained the same; no indication that the feature was active or not. I assume that if I want to unsubscribe, I will have to repeat the procedure, but this time to unselect cogitactive.com.
Let’s see how long it will take me to come back to this page to revert my selection…
[1] If I would have resumed my CogitActive activities. But as you may know, if you follow this blog, I am not here yet.
[2] As explained at the end of Site Tools (vs. cPanel) – part 4: Security, Site Scanner was the only upsell when I got my hosting plan. You may want to consider reading the dedicated section of the aforementioned post to know why I didn’t opt for it.
[3] Going back to Site Scanner. It does not protect your website; it will only detect if the latter has been compromised by Malware threats. If there is an issue, you will receive an email notification – that is it. Does this new Detected security incidents feature supersede Site Scanner?
[4] Will I receive – every month – a notification that I should purchase Site Scanner?