At GLIDE, we understand the critical importance of security in today's digital landscape. As part of our commitment to providing secure and reliable services, we leverage robust security measures provided by our preferred hosting partner, WPEngine. If you require a different host, we recommend that you consult their security documentation.
SSL (Secure Sockets Layer): SSL encryption ensures secure communication between a website and its visitors, safeguarding sensitive information such as personal data and payment details. Most WPEngine plans will provide a free Let’s Encrypt SSL certificate.
Global Edge Security: This feature enhances website security by providing protection against DDoS attacks and improves site performance through global content delivery network (CDN) capabilities. GES is an add-on for most WPEngine plans, but we highly recommend it.
To further bolster security on your marketing websites, we recommend implementing the following best practices:
Multiple Administrators: Ensure redundancy by having more than one administrator with access to both hosting and your content management systems (CMS).
Secure Passwords: Encourage the use of strong, unique passwords and regular password updates to mitigate the risk of unauthorized access.
Malware Scans: Regular malware scans help identify and address potential security threats on your website. We recommend using the linked reputable security plugins that offer malware scanning to proactively detect and remove malicious code or files.
Security Plugins: Enhance website security by using dedicated security plugins that provide comprehensive protection against common threats such as malware, hacking attempts, and unauthorized access. Look for security plugins that offer features such as firewall protection, login attempt monitoring, file integrity checks, and security audits to safeguard your website from potential security vulnerabilities. Use our referral link for Wordfence.
Regulatory Frameworks
SOC2 and ISO certifications are not mandated by specific countries but are industry standards recognized internationally. GLIDE is SOC2 Type II Certified and we recommend using an experienced vendor like Sprinto to achieve and maintain the appropriate certifications for your organization.
SOC2 (System and Organization Controls 2): Developed by the American Institute of CPAs (AICPA), SOC2 focuses on the controls relevant to security, availability, processing integrity, confidentiality, and privacy of customer data. While SOC2 is not required by law, it is often sought after by organizations, especially those handling sensitive customer information, to demonstrate their commitment to security and compliance with industry standards.
ISO (International Organization for Standardization): ISO standards cover a wide range of areas, including information security (ISO/IEC 27001), quality management (ISO 9001), and more. These standards are not legally mandated by specific countries but are widely adopted globally as benchmarks for best practices in various industries. ISO/IEC 27001, in particular, focuses on information security management systems, providing a framework for organizations to establish, implement, maintain, and continually improve their information security management processes.
While SOC2 and ISO certifications are not mandatory by law, they are often pursued voluntarily by organizations to enhance trust with customers, partners, and stakeholders, irrespective of their geographic location. These certifications demonstrate a commitment to maintaining high standards of security, compliance, and risk management in an increasingly interconnected and data-driven world.
PCI DSS (Payment Card Industry Data Security Standard): Unlike SOC2 and ISO, PCI DSS is a specific set of security standards mandated by major credit card companies such as Visa, Mastercard, American Express, Discover, and JCB International. PCI DSS aims to ensure the secure handling of cardholder data and protect against payment card fraud. While PCI DSS compliance is not required by law in most countries, organizations that process, store, or transmit payment card data are contractually obligated to comply with PCI DSS requirements as stipulated by their payment card providers. Non-compliance may result in financial penalties, reputational damage, and the loss of payment processing privileges. Therefore, adherence to PCI DSS standards is essential for ecommerce businesses, or any site where user interaction involves payment card transactions, to safeguard sensitive cardholder information and maintain trust with customers and payment card providers alike.
Recommended PCI DSS Payment Processors for WordPress and Shopify:
WordPress: Stripe, PayPal
Shopify: Shopify Payments, PayPal