Our hosting servers are hidden behind firewalls which prevent anyone from attempting to access them via SSH or other protocols unless they are doing so from an approved location.
Administrative pages are locked behind an initial authentication layer which boots any unauthorized user who attempts access, before any data is processed or displayed. This general layer of protection prevents any accidental access to straggler pages.
SQL Injection Shielding
Data inputs which reach the SQL server are first scrubbed before any operations are completed. This scrubbing checks the data type, ensures there are no malicious entries, and formats strings of data such that no outside commands can be injected into the server.
Brute Force Lockdown
Attempts to break into someone’s administrative account by repeatedly guessing the wrong password result in a temporary ban of traffic from that location. This helps prevent any hacker from “Brute Forcing” their way into the system by trying thousands of passwords.
Denial of Service Safeguards
In the event of a denial of service attack (organized waves of massive traffic spikes intended to overwhelm the server), if the attackers make it through firewalls to the site, a software override kicks in to preserve the experience of existing users, while denying any new sessions for a temporary period of time. This ensures the site does not go down for everybody, and any in-progress transactions are not interrupted.
Limited & Secured Access to Server Admin
Access to server administrative areas is limited to a need-to-use-only basis, and locked behind strong passwords and 2-Factor Authentication (you must have the password and the registered phone in hand in order to access). These measures ensure administrative areas remain as secure as possible.
All traffic to our sites is encrypted via an SSL certificate. In addition, we go to great lengths to ensure any sensitive or Personally Identifiable Information being stored is encrypted at rest.