Our Hometown Blog

Security Features

September 18, 2021
/Christopher Winders
/Feature Highlights, General, Latest from Our Hometown, News, Newsletter, Office Hours, Office Hours Announcements, Office Hours Replays, Paywalls, Revenue, Software Updates, Video, Websites
/No Comments

Click play to LISTEN to the article below

At Our-Hometown, the security of our customers’ websites and data is one of our top priorities.

Our engineering team has provided an detailed overview of the multiple layers of security within the Our-Hometown platform. Click on the question to expand the response.

1) Do you guys have a super high level of Admin clearance on the website that if we had a breach of someone stealing a user name and password to login and try to take control of our website, you could gain control and reset all the user names and passwords immediately? What is your protocol if this happens?

Only Our-Hometown accounts have true “Admin” level access to the websites. All of your staff member accounts are actually limited to the “Editor” role. An Editor level account could change the password for other editor-level users and below, but would not be able to edit our Admin account; so we would always be able to gain back control if this happened. Our admin accounts are also protected by Two Factor Authentication to help prevent against anything like this. Furthermore, as detailed below in item #3, we also take daily backups should any major breach ever occur.

2) In the event that this happens how do we contact you after hours, in an emergency?

Our phone lines close at 5PM (EST) or shortly thereafter, but generally myself or someone else will be monitoring tickets throughout the evening on weekdays. For weekends and super late nights, however, tickets are not monitored as closely. I will discuss this with Matt and our engineers and determine if there is an Emergency number we can set up for a situation like this — although hopefully it will never be needed. I will get back to you with more info on this.

3) What kind of security prevention is in place to prevent this kind of a from happening?

We maintain multiple layers of security within our platform.

We have multiple layers of firewall/security protection that starts at the server level.
- This software uses blacklists that are updated daily with known bad “actors” to prevent access to the site.
- We have software that detects malicious probing of the site and blocks the IP address.
- We automatically lock an account when too many failed login attempts occur.
- We have monitoring and notification software that alerts us to any intrusion within our system
- We have server-level antivirus and anti-spyware software
Only the Our-hometown staff have administrative accounts on our websites. All accounts with administrative access require two-factor authentication to prevent breaches due to passwords being bypassed.
Our-Hometown Administrator accounts have limited capabilities that are well below default levels compared to a normal WordPress install. We do not allow file modification to website plugins or themes from within the WordPress CMS. All changes are performed within the server which provides an extra layer of protection against security breaches.
Lastly, we take daily backups to prevent loss of data should any of these fail

For your staff, you have the option to enable ( and require ) 2FA for all editor accounts that access the website. If you’d like instructions on how to enable this, please view this link: https://our-hometown.com/two-factor-authentication-now-available-for-oht-customers/

4) What are the different levels of users and their access that we have on the website?

The majority of our sites utilize three levels of users:

1. Subscribers – Subscribers are the lowest level of access allowed. Subscribers don’t have access to the WordPress dashboard and cannot manage any content or data. On websites with paid subscriptions, the Subscriber role represents paid subscribers — however, it would also be the default role given to out to accounts on websites without paid subscriptions. Since most of the Florida Weekly websites don’t offer paid subscriptions, there are very few Subscriber accounts in the system on any of your websites. Ave Maria Sun should have more Subscribers as since a paid subscription is now required.

2. Editors – Editors represent your staff members. Editor accounts have access to the WordPress Dashboard and all of the content management features available to your staff. Articles, Ads, Newsletters, Etc can all be edited by Editor accounts. Editor accounts can edit other Editor and User Level Accounts, but cannot edit any Admin accounts. Editor accounts are eligible to opt in to Two Factor Authentication: https://our-hometown.com/two-factor-authentication-now-available-for-oht-customers/

3. Administrator – Administrators are the highest level of access and trump all of the other roles. Only our engineers and staff members have the Admin role, ensuring that nobody can change our password or adjust our access level to take control of the site. Our accounts are protected using 2FA to help mitigate any potential password breach.

The following are more tips and features designed to keep your website secure.

Website Security Refresher

Use Two-Factor Authentication
Use Strong Passwords
Don’t Share Accounts/Logins
Adjust Former Employee Accounts
Manage Screen Share/Remote Access Software
Keep your Anti-Virus and Firewall protection up to date

Two-Factor Authentication

Two-Factor Authentication, or 2FA, still requires your staff to login with their normal username and password, but upon doing so they are asked to enter a special pin code that is delivered to the user via mobile, email, or in our case, an authentication app such as Google’s Authenticator.

Customizable Membership Paywall

Digital Subscriptions integrate directly with the Our-Hometown WordPress CMS, allowing you to sell and manage online subscribers through the same portal you use for updating your website.

You will have complete control of the pricing, duration, access level, and renewal settings of each subscription plan you create.

Payment Gateways with SSL security

Choose from Stripe, Paypal, or Authorize.net to handle all encryption and security required today. Once you’ve set up your payment gateway, you’ll be able to accept credit cards for digital subscriptions, placing classified ads, paid forms, paid directory listings, or any other products you’d like to sell on the site.

Auto-Renewing Subscriptions with Stripe

One huge benefit to taking subscription orders through your website is the ability to enable Auto Renewing (or Recurring) subscriptions with the use of Stripe, our preferred supported payment gateway. Auto Renewing subscriptions are important because they represent predictable revenue that you can depend on being there on a monthly or yearly basis, and serve as a great method of retaining subscribers who might otherwise let their subscriptions lapse.

Stripe Update for Gravity Forms

A recent update for the GravityForms plugin that comes included with Our-Hometown’s WordPress Publishing Platform has introduced a more secure way of connecting and communicating with the online payment gateway, Stripe.

Share this Post:

Comments are closed.

Our Hometown Blog

Recent Posts

Recent Comments

Archives

Categories