How does iControlWP handle security of your WordPress site and your data?

By 3rd July 2012 June 5th, 2017 iControlWP: Manage WordPress Better
iControlWP Security – how do we ensure your data is safe?

We knew from the start that iControlWP Security must be a priority.

In this article, I’ll outline the main security features of the iControlWP system that ensure your data and WordPress websites are secure.

Adding your WordPress websites to iControlWP

The steps outlined below detail what happens when you install the iControlWP plugin …

  1. After you install the iControlWP WordPress plugin, it generates a unique authentication key. Before your WordPress website can be added to any iControlWP account, this unique key must be provided (we now automate this, but use some of the features below to secure it).
  2. After you add a site to your iControlWP account, iControlWP creates a new unique PIN number, creates a secure MD5 hash of it, and stores this in your WordPress database. Then, for every subsequent connection to your site by iControlWP, this PIN number must be provided. The PIN is checked on every connection – there is no way around this.
  3. Every single action that is sent from iControlWP to your site is sent a unique SSL seal – a bit like an encrypted fingerprint that says “We really are iControlWP”. Your site will verify this each and every time to ensure that any actions requested have been legitimately sent from us.
  4. Your iControlWP plugin will verify that the IP address of the connection is coming from app.icontrolwp.com. In this way, your iControlWP plugin cannot receive commands from anywhere, except our servers.

As you can see on the plugin itself, we take great care that your WordPress site is secured from external access. Your sites are protected against any other system impersonating ours.

iControlWP Security: Customer data and payment details

Any and all sensitive customer information when stored is secured in our database using 128-bit AES encryption, hashed using our unique encryption salts. We don’t take any chances with your data.

User login credentials for the app are encrypted using the Blowfish encryption cipher and cannot be reverse engineered to reveal a user’s account password.

If you go pro, we hand-off all payment related data handling to Stripe. We are not PCI-compliant and would never want this responsibility – we prefer to hand this over to services dedicated to such a purpose.

We never store any data or information that might be leaked to reveal sensitive WordPress login data for your sites. At no point in time is data, that could be used to directly compromise your WordPress sites, stored on our platform. We would never collect and store usernames/password for your WordPress users for any normal operations of iControlWP, for example – we have no use with requesting/collecting it.

If you have any concerns or questions, please take a look at our various policies pertaining to privacy, refunds and terms of service. We are clear and open about any data we store about you (which is minimal – we have no interest in anything that doesn’t pertain to you and running iControlWP).

I hope this article goes a long way in dealing with any concerns about iControlWP security of WordPress sites and your data.

Of course, if you have any questions not answered here, please feel free to contact us at any time.

Leave a Reply

x Logo: ShieldPRO
This Site Is Protected By
ShieldPRO