We take your site’s security very seriously – below is everything we do to secure our network!
1. We back maintain regular backups of our sites and all related data. We keep these backups both on our network for quick recovery, and “off-site” with a different provider in the event of a disaster. So, if our provider were to suddenly implode with no notice, we would at the very least still have all of the data so we could get back online elsewhere without losing any data.
2. We have a dedicated firewall in front of our servers. Our actual servers are disconnected from the outside world and cannot be accessed directly. All traffic, including loading a page on one of our sites, goes through the firewall. This allows us to very quickly spot and block any offending or questionable traffic if (when…) we need to.
3. If there is any traffic that is questionable (but we can’t be 110% confident it is “bad”), or may potentially cause undue stress on our infrastructure (ie: something that could cause slowdown, such as bots and overly-aggressive “uptime checks”) we sandbox it so it does not affect anybody else. We don’t want to block legitimate traffic, so if we’re not completely sure it’s bad traffic, we just isolate it until we know for sure.
4. Nobody—not even AgentFire devs–have direct access to the files that run your site. The only way to upload new files is our deployment system. Those files are run through a series of automated tests, and the upload is halted if something fails or there is anything questionable about them.
5. We are a managed service, so no clients are able to upload via FTP or install their own plugins. All such requests have to go through AgentFire support. Any additional plugins that may be requested are tested and vetted through senior support and DevOps staff to ensure that they do not compromise our network. This is done before such plugins come anywhere near live sites.
6. All code that we write internally for our own plugins and frameworks is reviewed by at least one or two other developers before being considered for deployment on a live site.
7. We have not had a verified hack to date.
In short: we have physical barriers in place to prevent unauthorized access to our systems, as well as tools in place to prevent *US* from accessing them directly unless authorized by senior system administration staff. Mistakes happen—better to be safe than sorry!