Security Tools
When we manage your website under one of our hosting, care, or perimeter plans, we secure your website with a number of tools that together provide multiple layers of protection.
The tools available to you depend on how much control we have over your infrastructure.
- When you host with us, we have the greatest level of control and can usually use all of the tools at our disposal.
- When you get a care or perimeter plan for a website hosted elsewhere, the availability depends on the level of access we can get to your server and your domain. Some hosts provide adequate access and others don’t.
- Even when we have adequate access, there are some rare cases where custom-coded plugins are incompatible with one or more of our security tools. In those situations, we’ll discuss the options with you.
| Tool | Hosting | Care | Perimeter |
|---|---|---|---|
| iThemes Security Pro: a WordPress plugin designed specifically to protect against common attacks against WordPress websites | yes | yes | yes |
| Astra Web Security: a multi-layer security tool that provides malware and login protection, and monitors for many other kinds of threats (not related to the Astra theme) | yes | if possible | if possible |
| Virusdie: a server-level antivirus and web application firewall (WAF) that also provides some protection against malware | yes | if possible | if possible |
| UFW: a system-level server firewall | yes | no | no |
| 7G: a powerful static open-source server-level firewall that protects “against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense” | yes | no | no |
| Cloudflare: an intelligent network-level firewall that improves your website’s performance and protects against bots, malware, and DDoS attacks before they even reach your server | yes | if possible | if possible |
Secure Behavior
Tools can only go so far. If you have every conceivable security tool running but use a weak password, for example, your website will still be insecure.
We do a number of things to encourage secure behavior:
- We enable various security settings designed with that in mind, such as multi-factor authentication (MFA), strong password requirements, and so forth.
- If we ever need to send each other passwords or other sensitive information, we only use secure channels to do so.
- We encourage you to use a password manager (like Bitwarden).
- We only use SSL and never install websites without it.
- We gradually improve the security of your domain and your website with more secure SSL settings, HSTS, and so forth.
- We monitor your website’s security at least weekly.
- We back up your website at least daily to multiple locations using different techniques to ensure we can recover if anything happens to your website.
- We offer additional security services upon request, such as automated pentesting, ModSec, and heightened security measures.
This list is not meant to be comprehensive. It’s an illustration of the kinds of things we do to secure your website and help you keep it secure over time. We’re constantly working to improve our security measures.