If your website has any way for visitors to submit information, even a contact form, then it should use an SSL certificate. Sites covered by an SSL certificate have an ‘https://’ URL. HTTPS protects the user by encrypting the information that goes from their device to the website servers. Having an SSL certificate has other advantages, too. Google uses it as a signal of the site’s ‘quality’, so by having one, you’ll have an advantage in the search results over websites that don’t. Our SSL certificates are ‘wildcard’, meaning that they cover subdomains too: blog.yoursite.com, for example.
Our data centres are fully secure and are ISO27001:2017 certified. Their security features include:
Our servers are Payment Card Industry (PCI) compliant. This means that our hosting servers are certified to be safe for online stores taking card payments, and they undergo regular audits. PCI standards are enforced through a group of major credit and debit card companies, like Visa, MasterCard, and American Express.
Having malware on your site can be disastrous. It can compromise your security, leading to fraud or identity theft. It can harm your reputation and performance in the search engines. Our Malware Scanning service checks your website for malware daily. If any malware is found, we’ll let you know and give you advice on how to remove it.
A distributed denial of service (DDoS) attack is usually what has happened when it’s reported that a website has been ‘taken down by hackers’. It involves flooding a server with fake requests, as if millions of new people are visiting the site, which prevents genuine users from accessing the site. Our DDoS protection will filter out DDoS attacks. It can handle attacks of over 1 terabit per second, so even the largest attacks will be mitigated.
Emails can be a security risk, so we scan incoming emails for viruses and similar malware, blocking them before they reach your inbox. Spam is controlled by filtering it through anti-spam deny lists and content checkers. You’re given full control to allow certain emails from domains that might otherwise go straight into your junk mail. Emails also have another layer of security through DKIM authentication, protecting you and those you send emails to against impersonation. Our servers have a great reputation, so your mail will never have problems being delivered.
Criminals might try to look for vulnerabilities in your applications, such as your database. Our web application firewall will help protect you by scanning for attempts to hack your site. It will look for attacks involving trojans, cross-site scripting, SQL injection, path traversal and other ways to gain access to your files. We use both commercial tools and bespoke rules that we write ourselves.
Another avenue of attack is ‘brute force’: using software to try multiple variants of common and short passwords in an attempt to guess the correct one. We have systems in place that detect automated attempts at brute forcing passwords through trial and error, and we use Google reCAPTCHA to detect genuine users.
Any personally identifiable data or company data, i.e. address, is encrypted. MFA is enforced on the control panel, so every login is challenged.
Usernames and passwords are generated by the control panel. We do this to enforce strong usernames and passwords.
Access to the backend code is blocked. If we do not need to use FTP, then it will not be enabled as standard.
The code has undergone a lot of testing and checks, and the control panel itself has had a penetration test conducted internally by ourselves.