Website Help
Monthly Security Reports explained

Monthly Security Reports explained

SiteGround’s monthly security reports are a great way to monitor your website security status. They provide you with a security score based on a number of automated checks, inform you what our systems are doing to protect your site, and point out available security options that you may not be using at the moment.

How to manage your reports subscription?

To subscribe or unsubscribe from a security report for any of your sites go to your Client Area -> Notification Preferences and click the pencil icon next to Monthly Security Reports.

This will open a popup that will allow you to choose the websites for which to receive the security reports.

The reports are sent to the administrative email we have on file for your client profile. You may expect to receive them at the beginning of each month for all subscribed sites that have been active for more than 30 days and have their domains pointed to SiteGround.

How is your security score calculated?

Each area we check is worth a specific number of points, depending on its importance to your site’s overall health. The more important the area, the more points it brings. If your site covers completely the security requirements in the specific area, you get the maximum possible points. If there are things that can be improved, you receive fewer or no points for this area and there is information in the report about what can be improved.

The total site security score shows what percentage of all applicable security points for your site you have received this month. The report also compares how your score has changed since the previous month.

What security areas do we check?

Each month we run automated checks for your website that cover the following security areas:

  • Detected security incidents – Checks if your site currently has any security issues detected.
  • Malware prevention – Checks if you are using all malware prevention options available.
  • Malicious bot traffic protection – Checks how many malicious attempts have been mitigated by SiteGround’s brute force prevention system.
  • Software vulnerabilities exploit prevention – Checks how many software vulnerabilities attacks were mitigated for your specific site by our smart WAF (web application firewall).
  • Secure visitors’ connection to the site – Checks if you have an active SSL certificate issued for your site.
  • Data redundancy and failover – Checks how many backups you have. Every day, SiteGround performs an automated backup of your website and the space used for backups is not counted toward your account’s space quota.
  • PHP security – Checks if you are taking advantage of our managed PHP updates.
  • Account login security – Checks if you’ve enabled 2FA for your SiteGround account.
  • WordPress application security – Checks the overall security of your WordPress application – if you are using our managed update service, if you have outdated plugins and themes, and if you have activated our WordPress security plugin.

Not all checks will be applicable for all sites at all times. For example the WordPress application security will not be included in the report until we detect a WordPress installation in your main site folder.

Share This Article