- September 18, 2021
- /Feature Highlights, General, Latest from Our Hometown, News, Newsletter, Office Hours, Office Hours Announcements, Office Hours Replays, Paywalls, Revenue, Software Updates, Video, Websites
- /No Comments
Click play to LISTEN to the article below
At Our-Hometown, the security of our customers’ websites and data is one of our top priorities.
Our engineering team has provided an detailed overview of the multiple layers of security within the Our-Hometown platform. Click on the question to expand the response.
Only Our-Hometown accounts have true “Admin” level access to the websites. All of your staff member accounts are actually limited to the “Editor” role. An Editor level account could change the password for other editor-level users and below, but would not be able to edit our Admin account; so we would always be able to gain back control if this happened. Our admin accounts are also protected by Two Factor Authentication to help prevent against anything like this. Furthermore, as detailed below in item #3, we also take daily backups should any major breach ever occur.
Our phone lines close at 5PM (EST) or shortly thereafter, but generally myself or someone else will be monitoring tickets throughout the evening on weekdays. For weekends and super late nights, however, tickets are not monitored as closely. I will discuss this with Matt and our engineers and determine if there is an Emergency number we can set up for a situation like this — although hopefully it will never be needed. I will get back to you with more info on this.
- We have multiple layers of firewall/security protection that starts at the server level.
- This software uses blacklists that are updated daily with known bad “actors” to prevent access to the site.
- We have software that detects malicious probing of the site and blocks the IP address.
- We automatically lock an account when too many failed login attempts occur.
- We have monitoring and notification software that alerts us to any intrusion within our system
- We have server-level antivirus and anti-spyware software
- Only the Our-hometown staff have administrative accounts on our websites. All accounts with administrative access require two-factor authentication to prevent breaches due to passwords being bypassed.
- Our-Hometown Administrator accounts have limited capabilities that are well below default levels compared to a normal WordPress install. We do not allow file modification to website plugins or themes from within the WordPress CMS. All changes are performed within the server which provides an extra layer of protection against security breaches.
- Lastly, we take daily backups to prevent loss of data should any of these fail
The following are more tips and features designed to keep your website secure.
- Use Two-Factor Authentication
- Use Strong Passwords
- Don’t Share Accounts/Logins
- Adjust Former Employee Accounts
- Manage Screen Share/Remote Access Software
- Keep your Anti-Virus and Firewall protection up to date
Two-Factor Authentication, or 2FA, still requires your staff to login with their normal username and password, but upon doing so they are asked to enter a special pin code that is delivered to the user via mobile, email, or in our case, an authentication app such as Google’s Authenticator.
Digital Subscriptions integrate directly with the Our-Hometown WordPress CMS, allowing you to sell and manage online subscribers through the same portal you use for updating your website.
You will have complete control of the pricing, duration, access level, and renewal settings of each subscription plan you create.
Choose from Stripe, Paypal, or Authorize.net to handle all encryption and security required today. Once you’ve set up your payment gateway, you’ll be able to accept credit cards for digital subscriptions, placing classified ads, paid forms, paid directory listings, or any other products you’d like to sell on the site.
One huge benefit to taking subscription orders through your website is the ability to enable Auto Renewing (or Recurring) subscriptions with the use of Stripe, our preferred supported payment gateway. Auto Renewing subscriptions are important because they represent predictable revenue that you can depend on being there on a monthly or yearly basis, and serve as a great method of retaining subscribers who might otherwise let their subscriptions lapse.
A recent update for the GravityForms plugin that comes included with Our-Hometown’s WordPress Publishing Platform has introduced a more secure way of connecting and communicating with the online payment gateway, Stripe.