On an application level we adhere to all the security best practices for the code that we write and
we require any new third party plugin or code to pass a visual inspection and security scan (if
applicable).
We provide solid security features on a server level thanks to our in-house hosting company. When
running on Synotio, you also get bruteforce protection built in using the wp-fail2ban plugin. All login
attempts are reported to a central server which makes us able to use the intelligence gathered from
all sites to block bruteforce or dictionary attacks – sometimes even before they happen. We insist on
using CloudFlare Pro (20 EUR/mo), and use their WAF functionality which is a more active form of
protection against DDoS and plugin-specific attacks.