Security should be a huge priority for any blogger. Awareness is possibly at an all-time high for WordPress users, following the recent TimThumb security breach and WordPress.org repository hack (covered in our recent article).
At ManageWP, we recognize the importance of security, and have gone to great lengths to ensure that our platform is extremely well protected.
Think of your website’s data as the core of an onion. In order for any hacker to gain access to your data, they have to punch through several layers of security (like the layers of an onion). At ManageWP, we are constantly working towards strengthening those layers.
Let’s take a closer look at how ManageWP functions.
Your ManageWP Dashboard
Our data is stored in two datacenters, with the primary located in the USA and the secondary in Germany, replicated in real time. This allows us to switch quickly in the event of an emergency.
We use secure (SSL) login capability only, which is the industry standard for secure logins. If you require further security, you have the option to limit logins to your account to a specific IP address (or a range of addresses). You can find this in your Settings, under Advanced Settings.
Beyond that, we added yet another layer of security with what is known as two-factor authentication. This requires you to enter a code sent to your mobile via an SMS message during login.
Your Site and ManageWP
One of our basic principles is “the less data we keep, the better passive security is”. To put it in a more straightforward fashion, we will never ask for your sites’ passwords.
Access to your site is governed by the ManageWP Worker plugin that you install directly onto your blog. When you install and activate the plugin, you must immediately link your site using the ManageWP dashboard. If you do not, another user could theoretically link to your site (although in reality, the likelihood of that occurring is absolutely minuscule). If you are not ready to link your site, just deactivate the plugin.
For those amongst you who are technically minded, communication between ManageWP and your sites is handled by an OpenSSL-signed protocol. We dumped the XML-RPC implemented in WordPress by default due to its vulnerability to traffic sniffing (i.e. it is inherently insecure). Instead, we use OpenSSL-signed communication, which makes it nearly impossible for a hacker to fake any of the messages sent by ManageWP.
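The linking and signed-message ideas described above, sketched as an added example (not ManageWP's code or protocol): the site pins the dashboard's public key when it is linked, then rejects any request that is unsigned, altered or replayed. The function names, message fields and the counter-based replay check are assumptions made for illustration.

```php
<?php
// Added illustration, not ManageWP's protocol or Worker plugin code.
// Function names, message fields and the replay counter are hypothetical.

// Dashboard side: RSA key pair; the private key never leaves the dashboard.
$dashboardKey = openssl_pkey_new(['private_key_bits' => 2048,
                                  'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$dashboardPub = openssl_pkey_get_details($dashboardKey)['key'];

// Site side: state the plugin would persist (an array stands in for storage).
$site = ['pubkey' => null, 'last_id' => 0];

// Linking pins the first public key presented; later link attempts are refused.
function link_site(array &$site, string $pubPem): bool {
    if ($site['pubkey'] !== null) return false;
    $site['pubkey'] = $pubPem;
    return true;
}

// Dashboard signs the exact bytes it sends (SHA-256 digest, RSA signature).
function sign_message($privKey, int $id, string $action): array {
    $body = json_encode(['id' => $id, 'action' => $action]);
    openssl_sign($body, $sig, $privKey, OPENSSL_ALGO_SHA256);
    return ['body' => $body, 'sig' => base64_encode($sig)];
}

// Site verifies before parsing, then enforces a strictly increasing id.
function handle_request(array &$site, array $msg): string {
    if ($site['pubkey'] === null) return 'rejected: site not linked';
    $sig = base64_decode($msg['sig'] ?? '', true);
    if ($sig === false || openssl_verify($msg['body'] ?? '', $sig,
            $site['pubkey'], OPENSSL_ALGO_SHA256) !== 1) {
        return 'rejected: bad signature';
    }
    $req = json_decode($msg['body'], true);
    if (!is_array($req) || ($req['id'] ?? 0) <= $site['last_id']) {
        return 'rejected: stale or replayed message';
    }
    $site['last_id'] = $req['id'];
    return 'accepted: ' . ($req['action'] ?? '');
}

// Constructed demo: a valid request, the same request again, an altered copy.
link_site($site, $dashboardPub);
$msg = sign_message($dashboardKey, 1, 'backup');
$altered = ['body' => str_replace('backup', 'restore', $msg['body']), 'sig' => $msg['sig']];
foreach ([$msg, $msg, $altered] as $m) {
    echo handle_request($site, $m), "\n";
}
```

A signature proves who sent a message and that it was not modified; it does not encrypt the body, so confidentiality on the wire still depends on the transport (for example HTTPS).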
Backups
Backing up is something that often evades even the most well-intentioned bloggers, usually because it is a less than straightforward process. But with ManageWP, you can set up scheduled backups to Amazon S3, Dropbox, your own server, any external FTP or an email address for all of your blogs with just a few clicks.
Although the process is very simple, there are more powerful options for those who wish to customize their backup procedure, which we will cover in one of the upcoming articles.

ManageWP Backup Options Screen
You’re In Safe Hands
As you may have gathered by now, we treat the issue of security very seriously, and are constantly endeavoring to ensure that your sites are very well protected.
Creative Commons image courtesy of Rotorhead



Thx. And which version must I buy for self-hosted and dashboard on my own server?
That would be the Enterprise version. http://managewp.com/self-hosted
Does ManageWP run on my own server? Or on managewp.com?
Thx, good work guys!
The worker plugin works on your server, while the dashboard works on ours. You can also purchase the self-hosted version so you have the dashboard running on yours too.
So can the next post explain about restore? Both methods, using your own hosting space and from Dropbox, as what seems to me more important is how to get the backup back! Thx
Sure that’s a good idea.
So you have replicated data on 2 continents, great to know that! The SMS authentication is really the top of what web security can be, Google themselves use that for their Gmail and sensitive data.
Big thanks for the follow-up post, keep up the great work you’re doing with ManageWP