WEBSITE HOSTING SERVICES – SECURITY STATEMENT

THIS SECURITY NOTICE (or “Security Policy”) shall apply to Website Hosting Services (“Service” or “Services”) provided by OpenMedium, Inc. (“OpenMedium” or “Us” or “We” or “Our”) for each Reseller and End-User Client (“Customer” or “You”).

We may update this Security Notice from time to time in our sole discretion; the current version may be found at https://www.openmedium.biz/legal/

1. Introduction

At OpenMedium, we take the security of your privacy and data seriously, and we want to be as transparent as possible about how we conduct business around security measures. Not every security procedure is shared, as we do not want our transparency to lead to exploitation of our systems and your customer data.

We provide managed website hosting services, which include access to WordPress Open Source Software and third-party theme and plugin licenses. The following security features are provided to all of our customers by OpenMedium and our third-party vendors.

2. Application

  • Standard SSL. We support standard SSL encryption for all customer websites and our applications.
  • Brute Force Lockout. We limit login attempts to block attackers trying to guess your password.
  • Vulnerability Scans and Change Detection. We conduct regular scans of plugins, themes and WordPress core files for changes to code.
  • 404 Lockout. Usage of 404 detection to stop bots scanning for vulnerabilities.
  • Audit and Activity Logs. Detailed logs of every user action including file modifications and administrative changes.
  • IP Lockout. Ability to trigger timed or permanent site bans with manual and automatic IP address control.
  • Security Keys. We regularly update security keys.
  • 2-Factor Authentication. Optional 2-factor login functionality to protect the site with a password and phone challenge. Provided on customer request.
  • Automatic updates to WordPress core via The WordPress Security Team. The WordPress Security Team can identify, fix, and push out automated security enhancements for WordPress without the site owner needing to do anything on their end, and the security update will install automatically. To learn more about WordPress.org core security features, please visit https://wordpress.org/about/security/

3. Data Redundancy

  • Nightly back-up of entire infrastructure with rapid restore capability.
  • Regular offsite back-up of customer website content with restore capability.
  • Ad hoc and/or local website content back-up based on special circumstance or customer request.

5. Data Center

We host your data at a partner data center located in the United States. Data center access is strictly monitored. Some of the security measures that our host adheres to are outlined below:

  • Filtering Edge of Network System (FENS). FENS is a series of proprietary systems that proactively monitor and protect our network from most common Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
  • Network and Transport Layer Protection
    • SYN Flood
    • UDP Flood & Fragmentation
    • ICMP Flood
    • Ping Attacks
    • Smurf
    • Reflective Attacks
    • DNS Attacks
    • ACK and Push Flood
    • Fragmented ACK
  • Application Layer Protection
    • HTTP Flood
    • SMTP Flood
    • Slow Reading Attack
    • Sockstress
    • Slow HTTP POST
  • 100% Power Uptime
    • Diesel generator power redundancy
    • N+1 high efficiency battery UPS
    • 120V and 208V available
  • Secure Physical Environment
    • 24/7 Falcon monitoring of all critical infrastructure assets
    • 24/7 monitoring of entire facility using motion activated cameras

6. Payment Processing

We use Stripe.com to process all customer credit card payments. To learn more about how Stripe protects your data and privacy, please visit https://stripe.com/privacy. OpenMedium does not store credit card data.

7. Regulated and Sensitive Data

OpenMedium does not process or store sensitive or otherwise regulated health or financial information, including Protected Health Information (as that term is defined under HIPAA), cardholder data protected under PCI DSS regulations (such as credit or debit card data), or other financial data (including any financial account details). Customer shall use the Website Hosting Services solely for its intended purpose in accordance with our Terms of Service and Acceptable Use Policy located at openmedium.biz/legal/.

8. System Audits

OpenMedium performs regular security audits and core application updates. Depending on the application and our review schedule, audits and updates happen weekly, monthly, or quarterly.

  • Automated web server and security patch updates.
  • WordPress core, plugin, and theme audits including updates and patches.
  • We limit the use of free and unsupported third-party WordPress plugins and themes in our network. All third-party applications must be reviewed and approved by OpenMedium.
  • Audit and removal of obsolete user accounts.