Online security requires a high level of vigilance from everyone on the internet. Web security isn’t just the domain of web hosts. Everyone from site owners on down to the average browser user can help keep everyone on the internet secure. At WP Engine, customer security is our top priority. One of the most important things to us is keeping your WordPress installation secure and your business running smoothly.
Of course, because technology changes quickly, staying on top of new security developments requires constant vigilance on the technical side. WP Engine continuously evaluates our security measures to ensure that we’re offering the tightest security for our customers day in and day out.
One of the measures we take to ensure client security is known as Penetration Testing. Sometimes called a “pentest,” this is the process of simulating a security attack to evaluate how strong your security actually is. Pentesting is putting your security measures to test in the real world. WP Engine will occasionally order pentests to monitor our own security processes through a third party. If you’re more curious, feel free to read more here: http://en.wikipedia.org/wiki/Penetration_test
We’re writing about this because WP Engine successfully underwent a pentest cycle from a customer today. By collaborating with our partner on the pentest, we were able to add improvements to security protocols. As a result of these security improvements, our customer sites will benefit from that much more security on our infrastructure.
Of course, you might be asking, “Wait, does this mean our sites weren’t secure previously?” That’s not what it means! Rather, it’s that security is an ever-changing landscape that requires ever-changing counter-measures, and we will always opt for more, proactive measures, rather than resting on our laurels.
As part of WP Engine’s commitment to excellent customer experiences, we are always working to make sure WP Engine customers continue to be well-protected on the web. Our security teams and processes keep a vigilant eye out for suspicious behavior and potential attack patterns, and we will make updates and improvements so that we stay ahead of any potential threat.
All WP Engine customers can rest easy knowing that their sites are safe. We’re always digging deeper to make sure they become even more secure every day.
Thanks for choosing to trust your sites with WP Engine, the secure WordPress hosting platform.
Correction: November 5, 2013
WP Engine underwent a pentest from one of our customers, who was collaborating with us on our security testing.
I’ve been a developer customer for 18 months and now have 80+ installs on WPE and no one has been hacked.
Great job making my job easy.
Thanks for being an amazing customer, Jesse. It’s a pleasure to work with you.
Perfect timing on this blog post. The security guru (and I say that with affection not malice) has asked the following questions before granting is blessing for us to use WPEngine.
1. Has there been a recent and independent pen test?
2. Is there someone at the company with a title/role dedicated to “security” What is that title?
3. Do you have an SSAE16 certfication or SAAS 70 (excuse my ignorance if I’m labeling those incorrectly).
Is there a good contact person he could call to verify a few things?
Thanks – I think you guys are awesome and I’d like to be able to use you for some of our corporate accounts.
Thanks,
Jason
Hey Jason,
Thanks for your questions. These really go above and beyond the questions most folks ask on their first look at WP Engine, so I want to actually take this conversation to email / phone so that we can make sure we answer your questions. A blog post really isn’t the best place to dig in and confirm that WP Engine has some of the best security available on for WordPress.
1. Yes, we did, as per this blog post.
2. Absolutely. We have a few people with security backgrounds, in addition to working closely with a 3rd party, Sucuri Security, as an added layer of security.
3. Let’s hop on a call to understand your use case and make sure we’re the right host for you.
I’m going to send you an email so we can schedule a phone call today or tomorrow to talk in depth.
Thanks for reaching out. We’re looking forward to chatting soon.
-Austin
One of my clients recently said something to the effect of this – “My site hasn’t been hacked since we moved over to WP Engine. Why do I need to keep paying for this service?”
I smiled. To me it was obvious – their site hadn’t been hacked because we’ve got them on a better, more proactive system.
Before we moved them to WP Engine, it was a given that their site would be hacked. That’s no longer the case.
Thanks for continuing to raise the bar.
Haha. That’s freakin’ awesome. “Well, uh, you’re on a secure platform now… So, yeah, you gotta keep payin’ or it, dude.”