Security Features

Security Features
Click play to LISTEN to the article below

At Our-Hometown, the security of our customers’ websites and data is one of our top priorities.

Our engineering team has provided an detailed overview of the multiple layers of security within the Our-Hometown platform. Click on the question to expand the response.

Only Our-Hometown accounts have true “Admin” level access to the websites. All of your staff member accounts are actually limited to the “Editor” role. An Editor level account could change the password for other editor-level users and below, but would not be able to edit our Admin account; so we would always be able to gain back control if this happened. Our admin accounts are also protected by Two Factor Authentication to help prevent against anything like this.  ​ Furthermore, as detailed below in item #3, we also take daily backups should any major breach ever occur.

Our phone lines close at 5PM (EST) or shortly thereafter, but generally myself or someone else will be monitoring tickets throughout the evening on weekdays. For weekends and super late nights, however, tickets are not monitored as closely. I will discuss this with Matt and our engineers and determine if there is an Emergency number we can set up for a situation like this — although hopefully it will never be needed. I will get back to you with more info on this.

We maintain multiple layers of security within our platform.
  • We have multiple layers of firewall/security protection that starts at the server level. 
    • This software uses blacklists that are updated daily with known bad “actors” to prevent access to the site.
    • We have software that detects malicious probing of the site and blocks the IP address. 
    • We automatically lock an account when too many failed login attempts occur.
    • We have monitoring and notification software that alerts us to any intrusion within our system
    • We have server-level antivirus and anti-spyware software
  • Only the Our-hometown staff have administrative accounts on our websites. All accounts with administrative access require two-factor authentication to prevent breaches due to passwords being bypassed.
  • Our-Hometown Administrator accounts have limited capabilities that are well below default levels compared to a normal WordPress install. We do not allow file modification to website plugins or themes from within the WordPress CMS. All changes are performed within the server which provides an extra layer of protection against security breaches. 
  • Lastly, we take daily backups to prevent loss of data should any of these fail
For your staff, you have the option to enable ( and require ) 2FA for all editor accounts that access the website. If you’d like instructions on how to enable this, please view this link:
The majority of our sites utilize three levels of users:
1. Subscribers – Subscribers are the lowest level of access allowed. Subscribers don’t have access to the WordPress dashboard and cannot manage any content or data. On websites with paid subscriptions, the Subscriber role represents paid subscribers — however, it would also be the default role given to out to accounts on websites without paid subscriptions. Since most of the Florida Weekly websites don’t offer paid subscriptions, there are very few Subscriber accounts in the system on any of your websites. Ave Maria Sun should have more Subscribers as since a paid subscription is now required.
2. Editors – Editors represent your staff members. Editor accounts have access to the WordPress Dashboard and all of the content management features available to your staff. Articles, Ads, Newsletters, Etc can all be edited by Editor accounts. Editor accounts can edit other Editor and User Level Accounts, but cannot edit any Admin accounts. Editor accounts are eligible to opt in to Two Factor Authentication:
3. Administrator – Administrators are the highest level of access and trump all of the other roles. Only our engineers and staff members have the Admin role, ensuring that nobody can change our password or adjust our access level to take control of the site. Our accounts are protected using 2FA to help mitigate any potential password breach.

The following are more tips and features designed to keep your website secure.

Website Security Refresher

  1. Use Two-Factor Authentication
  2. Use Strong Passwords
  3. Don’t Share Accounts/Logins
  4. Adjust Former Employee Accounts
  5. Manage Screen Share/Remote Access Software
  6. Keep your Anti-Virus and Firewall protection up to date

Two-Factor Authentication

Two-Factor Authentication, or 2FA, still requires your staff to login with their normal username and password, but upon doing so they are asked to enter a special pin code that is delivered to the user via mobile, email, or in our case, an authentication app such as Google’s Authenticator.

Customizable Membership Paywall

Digital Subscriptions integrate directly with the Our-Hometown WordPress CMS, allowing you to sell and manage online subscribers through the same portal you use for updating your website.

You will have complete control of the pricing, duration, access level, and renewal settings of each subscription plan you create.

Payment Gateways with SSL security

Choose from Stripe, Paypal, or to handle all encryption and security required today. Once you’ve set up your payment gateway, you’ll be able to accept credit cards for digital subscriptions, placing classified ads, paid forms, paid directory listings, or any other products you’d like to sell on the site.

Auto-Renewing Subscriptions with Stripe

One huge benefit to taking subscription orders through your website is the ability to enable Auto Renewing (or Recurring) subscriptions with the use of Stripe, our preferred supported payment gateway. Auto Renewing subscriptions are important because they represent predictable revenue that you can depend on being there on a monthly or yearly basis, and serve as a great method of retaining subscribers who might otherwise let their subscriptions lapse.

Stripe Update for Gravity Forms

A recent update for the GravityForms plugin that comes included with Our-Hometown’s WordPress Publishing Platform has introduced a more secure way of connecting and communicating with the online payment gateway, Stripe.

Share this Post: Facebook Twitter Pinterest Google Plus StumbleUpon Reddit RSS Email

Comments are closed.