HOW SECURE ARE YOU?
On every server we have multiple options of Web Application Firewalls; 7G firewall, Modsec3+ WAF with OSWAP 10 rule set in place. We can apply tons of customisation options like country blocking, paranoia settings, individual IP white/blacklisting, and a lot more. The servers are hardened with root access only via SSH key and have Fail2Ban and UFW preinstalled. Each per Site/System user has isolated processes locking it down even more. Malware is handled by Linux MalDet and ClamAV which are configured. We also Include PatchStack subscription per website as standard and 2 Factor Authentication.
We rigorously keep the environment up to date, review the security logs and taken every precaution reasonably possible but no one can be 100% sure.
WHAT PLUGINS DO YOU ALLOW?
We do not allow any caching, security or performance plugins, we already have them included plus we already do it at the server level which is way more efficient and secure. More importantly if we see a poorly written, unsupported, unlicensed or insecure plugin we will disable it. Security, performance and legal compliance is the main driver for the decision so choose wisely. We will let you know but it will be your responsibility to find an alternative.
WHAT TYPE OF WEBSITES ARE ALLOWED?
WordPress and only WordPress. No other php based or static sites allowed. Take a look at our terms a service for explicit details. A site needs to be tied to an ABN and sizing guide lines will be reviewed depending on each sites requirements.
WHAT SERVICES ARE DISABLED?
We have disabled Comments, RSS, WPCron and Email. These services are responsible for the majority of security problems. If you require any of these services we suggest using an external service like Disqus, Gmail or similar. Every plan includes WP SMTP Mail plugin. You can utilise SendGrid or other services for transactional email and the local Cron facility instead on Wp-Cron. Need something we are here to help.
WHO FIXES THE WEBSITE IF IT GOES DOWN OR IS HACKED.
We do. That’s our job.
WHAT CONSOLE ACCESS DO I GET?
Being a full concierge service the only screen you need to see is the WP Admin console. We do the lot so you don’t have to. We are happy to work with you to make your experience enjoyable.
WHAT IS NOT COVERED?
Any customisation to WordPress, form configuration, custom fields, Woocommerce / LMS setup and creation of child themes, content updates and the likes. Please see our Consult section to see where we can help.
CAN I ON SELL AND INVOICE MY CUSTOMERS?
We are a white label service and designed it so from the outset and before you ask we do not offer bulk discounts and your customers will not be able to contact us directly. We collect payment for each server/website automatically from a credit card. This is done the first of the month. After payment is received an automatic receipt email is sent. How you like to invoice your customers is up to you. Add whatever markup you like.
WHO CAN CONTACT YOU FOR SUPPORT?
Whoever pays us is the authorised contact for security and economic reasons. We do not accept additional support contacts other than the one nominated per account.