Security Policy

At Reliable, we understand the importance of cybersecurity in today's digital business environment. We take the protection of our clients' sensitive information and assets very seriously and have implemented robust security measures to ensure the integrity and confidentiality of our clients' websites, accounts, apps, and data.

  1. All Reliable employees use an enterprise-level password management platform with role-based control for saving and accessing credentials.
  2. Two-factor authentication (2FA) is required for accessing Reliable’s password platform as well as company email.
  3. Strong password enforcement is mandatory for all Reliable-created or owned credentials. Passwords must be at least 20 characters long and include uppercase and lowercase letters, numbers, and special characters.
  4. Whenever possible, employees must use Reliable’s company VPN when accessing a client's hosting account or server.
  5. All employees must immediately report any suspicious activity, such as phishing attempts or unauthorized access to company systems.
  6. We maintain strict confidentiality and do not disclose any client credentials or other sensitive information to any third parties under any circumstances.
  7. If a client has signed up for a hosting or maintenance plan for their website, Reliable performs a monthly, in-depth security check inclusive of all items listed below. If a client has not signed up for hosting or maintenance, Reliable recommends implementing a monthly plan inclusive of the following measures to protect their website security:
    1. Use a trusted website host that shows accountability for the safety and security of their servers. Reliable uses and recommends WP Engine.
    2. Use a WAF (web application firewall) to block common vectors for website attacks including cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF).
    3. Use SSL (Secure Sockets Layer) to encrypt the connection between the end-user’s web browser and the firewall as well as the connection between the firewall and site host.
    4. Use advanced DDoS (distributed denial of service) mitigation to prevent attacks on the network, transport, and application layers of the Open Systems Interconnection (OSI) model.
    5. Enforce strong passwords that utilize upper and lowercase letters, numbers, and special characters.
    6. Update core WordPress files, themes, and plugins. Remove any unnecessary or unused themes and plugins.
    7. Keep your website’s PHP version up to date, including code syntax verification to avoid deprecation errors.
    8. Use a WordPress security plugin such as WP Cerber or WP Defender. These plugins can aid in security measures such as disabling file editing, PHP file execution, directory indexing and browsing, and XML-RPC. They can also be used to limit login attempts and automatically sign out idle users.
    9. Scan your website for malware and suspicious files.
    10. Never allow a WordPress user to have the username “admin.”
    11. Implement automated daily backups with one-click restore.
    12. Hide your WordPress login page by changing the URL from /wp-admin.
    13. Scan for broken links to identify and fix potential vulnerabilities caused by an attacker creating or modifying pages or links, as well as open redirects, XSS, and SSRF.
    14. Clean the site database to remove redundant and unnecessary data, making it more difficult for attackers to identify any potential vulnerabilities and aiding a speedy backup and recovery process should one ever be needed.
    15. Clean the cron (chronograph) to remove unnecessary or potentially malicious scheduled tasks, making it more difficult for an attacker to identify any potential vulnerabilities and aiding a speedy backup and recovery process should one ever be needed.

It's important to note that no single solution can provide complete security, so it's imperative to use a combination of these methods to ensure the maximum level of protection.

As no website is 100% hack-proof, Reliable cannot be held responsible in the event a client’s website is compromised. Reliable will, however, work with you to clean and protect your website. For our hosting and maintenance clients, in the unlikely event your website is compromised, site cleanup and restoration is included at no additional cost. For clients self-maintaining their website, please reach out to us at info@heyreliable.com for a quote.

Reliable regularly reviews this security policy to keep it current with the needs of Reliable’s clients and the latest security threats.
