How JungleWP protects you
JungleWP is designed to keep your servers secure and your data safe.
Our team has a heavy security background. If you have security questions or would like to report a security issue, please contact us.
All servers managed by JungleWP are configured to automatically install security updates from the Ubuntu security repositories as well as from our Cloud Technology Partners' repositories. These updates are signed with the Ubuntu GPG keys.
All communication between your browser and JungleWP is done over HTTPS/TLS.
Our Cloud Technology Partners' apt repositories are also served over HTTPS.
Many developers mistakenly assume that programmatic communication over HTTPS is always secure. These developers don't realize that their communication libraries default to not checking certificate trust chains, hostnames, or validity dates. We take care to perform these checks. In the very few cases that the programming language makes performing these checks unreliable, we avoid transmitting sensitive information (even over HTTPS) because we know the communication channel can't be completely trusted.
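The checks described above, as an added example that is not JungleWP's own code: it uses Python's standard `ssl` module to audit a client context for trust-chain, validity-date and hostname verification, and refuses to use a context that skips any of them for sensitive data. The function and class names are illustrative assumptions.

```python
import ssl


class UntrustedChannel(Exception):
    """Raised when a TLS context would not authenticate the server."""


def audit_tls_context(ctx):
    """Return a list of findings; an empty list means the peer is verified."""
    findings = []
    # CERT_REQUIRED makes OpenSSL validate the trust chain, which also
    # rejects certificates outside their notBefore/notAfter window.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain: trust chain and validity dates are not checked")
    # Without check_hostname, a valid certificate for any name is accepted.
    if not ctx.check_hostname:
        findings.append("hostname: certificate name is not matched to the host")
    return findings


def require_verified(ctx):
    """Gate to call before sending secrets: refuse contexts that skip checks."""
    findings = audit_tls_context(ctx)
    if findings:
        raise UntrustedChannel("; ".join(findings))
    return ctx


def verifying_context():
    # Client setup with system CAs, CERT_REQUIRED and hostname checking.
    return ssl.create_default_context()


def chain_only_context():
    # Chain is verified, but the certificate is never tied to the hostname.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx


def unverified_context():
    # The "HTTPS without trust" case: encryption only, no authentication.
    ctx = chain_only_context()
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for make in (verifying_context, chain_only_context, unverified_context):
        print(make.__name__, audit_tls_context(make()) or "ok")
```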
JungleWP configures an iptables-based firewall on all servers it manages. This firewall allows TCP ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) as well as UDP port 68 (DHCP). On our own servers, we further restrict SSH and other ports so that only our own developers can reach them.
JungleWP uses a reverse proxy feature that hides your server behind an IP address that changes dynamically. We then forward your traffic through our Cloudflare network by replacing the IP in your DNS records with a Cloudflare IP that also changes regularly.
JungleWP disables SSH/SFTP password authentication by default.
Our developers use SSH to access our own servers and use public key authentication when accessing them. On your servers managed by JungleWP, we open the firewall to allow port 22 (SSH) so that you can use SFTP on request to access your servers. We do not enable insecure FTP on your servers.
Public key authentication is a way of logging into your server using a cryptographic key rather than a password. By using SSH keys, we make sure your accounts are safe from brute-force attacks. However, restricting SSH access to our system administrators is the best way to keep you from breaking your site and to save you time on tedious system tasks.
JungleWP configures a Postfix mail server on servers it manages. This mail server is used only for WordPress to send outbound mail. It is not configured to accept mail from outside of the server, and the firewall is not opened to allow outside communication with the mail server. Instead, we use our Amazon email infrastructure to secure and sign WordPress emails. Professional email accounts are managed on our own secure cloud infrastructure, and Business emails are managed by our partner Microsoft. JungleWP and our partners are committed to protecting your data privacy.
We do not store passwords in plain text. Your JungleWP account password is hashed using the industry-standard Argon2id. When we set system user passwords or MySQL passwords on JungleWP, we hash those passwords in the appropriate format and transmit them in hashed format to your server (over HTTPS, of course).
We hand off credit card processing to Stripe. They power online transactions for thousands of businesses and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.