Security should be a huge priority for any blogger. Awareness is possibly at an all time high for WordPress users, following the recent TimThumb security breach and WordPress.org repository hack (covered in our recent article).
We recognize the importance of security here at ManageWP, and have gone to great lengths to ensure that our platform is extremely well protected.
Think of your website’s data as the core of an onion. In order for any hacker to gain access to your data, they have to punch through several layers of security (like the layers of an onion). At ManageWP, we are constantly working towards strengthening those layers.
Let’s take a closer look at how ManageWP functions.
Your ManageWP Dashboard
Our data is stored in two datacenters, with the primary center located in the USA and the secondary center in Germany. All data is replicated in real-time, which enables us us to quickly switch in the event of emergency.
We use secure (SSL) login capability only, which is the industry standard for secure logins. If you require further security, we provide the option to limit logins to your account to specific IP address (or a range of addresses). You can find this in your Settings, under Advanced Settings.
Beyond that we added yet another layer of security with what is known as two-factor authentication. This requires you to enter a code sent to your mobile via an SMS message during login.
Your Site and ManageWP
One of our basic principles is “the less data we keep, the better passive security is.” To put it in a more straightforward fashion, we will never ask for your sites’ passwords.
Access to your site is governed by the ManageWP Worker plugin that you install directly onto your blog. When you install and activate the plugin, you must immediately link your site using the ManageWP dashboard. If you do not, another user could theoretically link to your site (although in reality, the likelihood of that occurring is absolutely miniscule). If you are not ready to link your site, just deactivate the plugin.
For those amongst you who are technically minded, communication between ManageWP and your sites is handled by OpenSSL signed protocol. We dumped the XML-RPC implemented in WordPress by default due to its vulnerability to traffic sniffing (i.e. it is inherently insecure). Instead, we use OpenSSL signed communication, which makes it nearly impossible for a hacker to fake any of the messages sent by ManageWP.
Backing up is something that often evades even the most well-intentioned bloggers, usually because it is a less than straightforward process. But with ManageWP, you can set up scheduled backups to Amazon S3, Dropbox, your own server, any external FTP or an email address for all of your blogs with just a few clicks.
Although the process is very simple, there are more powerful options for those who wish to customize their backup procedure, which we will cover in one of our upcoming articles.
You’re In Safe Hands
As you may have gathered by now, we treat the issue of security very seriously, and are constantly endeavoring to ensure that your sites are very well protected.
If you have any questions, please fire away in the comments section below!
Photo Credit: Gritty City Girl