Personal Identity Security
We are serious about security of your identity and personal information that you share with us while creating account or during transactions. We do everything in our power to make sure your personal information is secure and safe with us. We never disclose or share your information to anybody ever – unless we have to when we contact vendors in order to purchase services/products for you.
We have the right tools to ensure that your website data is safe and secure. Our web hosting offers data backup services so that you never loose your website data. Our servers are secure and safe from attackers and you get the maximum protection for your website with us.
Other Security Policies
Confidential information held by FridayHost is stored on secure administration servers that we operate. Our administrative servers are not connected directly to the public internet and we employ various security procedures to ensure that information on our systems cannot be obtained by unauthorized persons. Our security policies are second to none. We routinely employ strong firewalls, encryption, passwords and other policies and procedures to ensure the security of our data as well as our customer’s.
We do not store credit card numbers. We carefully guard sensitive information. FridayHost provides a number of security measures to protect our servers and prevent your account from being compromised. While our servers are secure, security breaches of your website and your personal account due to vulnerable passwords or known exploits in the software that users choose to have installed on their server cannot be prevented with server security measures. Let’s say when you install a WordPress based website, you are responsible to take care of its security procedures.
What Security Measures Does FridayHost Provide?
FridayHost is protected from DDoS attack (UDP flood). We have an extensive custom firewall rule and large mod_security rulesets protecting our servers from a variety of online attacks. If we do experience heavy flooding, we have our datacenter enable network level flood protection. Our datacenters are all highly secure facilities with restricted access. Our other server security methods and precautions are confidential.
What Security Measures are Your Responsibility?
You are responsible for the security of any passwords, settings, or software that you have the access to change or install on your account. By hosting on FridayHost servers, you have agreed to be fully responsible for all use of your account and for any actions that take place through your account. It is your responsibility to maintain the confidentiality of your password and other information related to the security of your account.
It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of the installation method. When at all possible, set permissions on most directories to 755 or as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. You are required to use a secure password. If a weak password is used, your account may be suspended until you agree to use a more secure password. Audits may be done to prevent weak passwords from being used. If an audit is performed, and your password is found to be weak, we will notify you and allow time for you to change or update your password before suspending your account.
Being aware of these responsibilities is important, as an account that is found to be compromised may be disabled and/or terminated per our Terms of Service. Failure to clean your account after being notified by FridayHost of an ongoing issue may result in having your account disabled.
What Can You Do to be More Secure?
FridayHost recommends a number of actions and services which can help you maintain security on your website. The following security tips are offered in order to help our clients maintain site security and protect their accounts:
- Update Scripts and CMS Installations Regularly
The vast majority of account compromises are caused by malicious users who have found exploits in scripts installed on an account. Therefore, the best advice we can offer is to make sure that all CMS installations, as well as any related themes, plugins and other add-ons, are kept up-to-date. Most CMS software has an option to update from within the administration panel.
- Update Passwords Regularly
Another common form of compromise is due to exploited passwords. These compromises can occur in one of two ways: a brute force compromise or through virus/malware on a local computer.
- Viruses and Malware
Another form of password compromise occurs when account passwords are stolen using viruses/malware located on local computers from which accounts are accessed. This malware sniffs out passwords used and stored by FTP and other programs. In order to protect against this form of attack, full virus and malware scans should be run on all computers which access your account to ensure that they are clean.
- Make Regular Data Backups
Be sure to make regular backups of your account in case there is a compromise. While FridayHost does make backups for Shared, Reseller, and VPS accounts, but we can not guarantee that backup will always be available to restore.