Hosting Security
We take web security very seriously. We pride ourselves on only using the very best premium products to ensure your website is secure and for optimum performance.
Your web application is hosted on a dedicated Droplet, meaning it does not share IP with other sites (compared to shared hosting) if you are on a Premium Web Care Plan. Essential & Basic Web Care Plans share a droplet with a limited number of other PurpleCow Digital Marketing clients.
We are host our client's sites in a Virtual Private Server. The provider is Digital Ocean LLC. They are ISO certified and in compliance when it comes to security framework.
See: https://www.digitalocean.com/legal/certifications/
All our connection are encrypted via SSL to transmit data.
In addition to this, we have 3 levels of security:
1. CDN firewall via Cloudflare - This is the first layer of security for our website. Before anyone visit the site, they will come through Cloudflare first. Learn more here: https://www.cloudflare.com/security/2. Server security and firewall (fail2ban, firewalld https://firewalld.org/documentation/ and IP table rules)
Every unused port is automatically closed from outside access. The only ports opened are 22/tcp (SSH), 80/tcp (HTTP), 443/tcp (HTTPS), 34210/tcp (Local Communication Port). We are using FirewallD as the firewall and Fail2Ban to block unauthorised attempts to access the server.
3. Application level firewall - web application firewall (WAF). This are plugins we use to secure the application itself from outside attack (DDOS, Brute Force attack, etc)