ACART Online Security Statement
This site is hosted at SiteGround. As one of the best and most preferred hosting providers on the market, they know how important security is for their customers.
Here is just a small part of the measures they have taken to keep their servers and hosted websites secure. Below is the security statement provided directly by SiteGround.
- By default, we have set all servers to use the latest PHP 7 version with the latest security fixes.
- We are running Apache in a chrooted environment with suExec.
- We have sophisticated IDS/IPS systems which block malicious bots and attackers (Intrusion detection/prevention systems).
- ModSecurity is installed on all of our shared servers and we update our security rules weekly, thus protecting our customers from the most common attacks.
- We are providing easy-to-use and hassle-free auto-updates for WordPress core version and the plugins.
- We strive to keep the versions of all the software that is providing database services (FTP, SMTP, IMAP/POP3, HTTP, HTTPS) up to date with the latest security patches.
- We are constantly monitoring for vulnerabilities in the most popular applications and modules and whenever possible we develop virtual patches in the form of WAF rules (Web application firewall).
- We ensure that users’ data is accessed only by trusted personnel on request by following strict policies and we keep detailed records for such access.
WordPress Website Security
This is a WordPress website. The SiteGround Security tool designed specifically for WordPress is installed and active. Features include:
Locked and Protected System Folders
Ensures that no unauthorized or malicious scripts can be executed in the website system folders.
Hidden WordPress Version
Many attackers scan sites for vulnerable WordPress versions. Because the version is hidden from the site’s HTML, hackers cannot target this website for mass attacks.
Disabled Themes & Plugins Editor
Disabled the option to edit themes and plugins code directly from the WordPress admin to prevent potential coding errors or unauthorized access via the WordPress editor.
Disabled XML-RPC
XML-RPC was designed as a protocol enabling WordPress to communicate with third-party systems, but it carries the potential for exploits. It is not used on this website and has therefore been disabled to prevent exploitation.
Disabled RSS and ATOM Feeds
RSS and ATOM feeds can be used to perform attacks against a site. This website does not require either technology and therefore RSS and ATOM feeds have been disabled.
Enabled Advanced XSS Protection
Enabling this option has added extra headers to the site for protection against XSS attacks.
Deleted the Default Readme.html
WordPress comes with a readme.html file containing information about your website. The readme.html is often used by hackers to compile lists of potentially vulnerable sites which can be hacked or attacked. The Readme.html file has been deleted from this site.
All data collected on this website is stored inside the secured server at SiteGround and inside the WordPress database. All the above security measures apply to both the WordPress website content and the Databases.