GEMServers Security Guarantee
GEMServers Limited Security Guarantee
No other hosting company takes your security more seriously than we do. Our systems and processes were designed around “security first” and “defense in depth” principles and best practices, and we continuously work on maintaining and advancing security for our services and our clients. We are committed to making sure that your sites are as secure as we can possibly make them, 24 hours a day, 356 days per year.
That said, no system that invites public access is ever completely without risk. Any hosting company that tells you differently is not being honest. We can’t control every aspect of security. For example, we are not the authors of all of the software used on our servers, so we can’t completely guarantee that those software packages won’t contain vulnerabilities that can be exploited. We work hard, through InnoDB security scans, firewall rules, prompt updates and upgrades, and other security hardening and countermeasure techniques, to identify and react to any security vulnerability detected or reported to us as quickly as possible.
We also rely on the cooperation and help of our users in doing their part to assist us in keeping their site accounts and data secure, and we offer very effective tools to help them with that process too.
Most important, in the unlikely event that your site is breached or exploited, our first and foremost concern is to fix the problem and mitigate any damage as quickly as possible. And you can count on us to immediately respond to and assist you to that end.
Policy and process we use to determine cause of a security infiltration and/or exploitation
1. GEMServers will thoroughly investigate all detected or reported security incidents resulting in unauthorized access or exploitation of services. This includes our own forensic review of data from applicable logs and other proprietary records.
2. The length and scope of our investigation will be determined solely by us. We will work as quickly as possible. But thoroughness will take precedence over speed.
3. GEMServers, at their sole discretion, may enlist the services of trusted third party services who can aid in our investigation, in determining cause, and in making recommendations to prevent recurrence. Third party services agree to not release any information in connection with an investigation except as required by law.
4. The final determination of cause rests solely with GEMServers and may not be appealed or arbitrated.
5. GEMServers will not release the results of any investigation other than to the principal account owner involved, to law enforcement agencies at our discretion or when required by law.
Limitations of what this guarantee covers (what GEMServers will do if your account or your site suffers a breach of security or security related exploitation):
1. Scanning, removal of malicious code or files
2. Restoration of site from the closest backup set verified as secure and safe
3. Changing of all applicable account, WordPress, administrator role user, and database passwords.
4. After restoration, InnoDB scanning to ensure site is secured
This guarantee does not cover unauthorized access or subsequent harm to sites because of:
1. negligent administrative user password management.
2. sharing passwords for any reason (always create unique site accounts for users).
3. failure to use Launchkey Passwordless and/or Launchkey 2-factor authentication for WordPress sites.
4. insecure plugins not installed from the official WordPress plugins directory.
5. insecure plugins not installed from the official WordPress theme directory.
6. deactivation of automatic WordPress updates.
7. Distributed Denial of Service (DDoS) attacks.
Requirements to keep this guarantee valid:
1. You must not disable or tamper with any security feature we have installed to protect our network, servers, and web sites. Such activity would void this guarantee and violate our Terms of Service agreement.
2. You must use our Launchkey Passwordless or Launchkey 2-Factor authentication for all WordPress site administrator role accounts.
3. You must agree to enforce WordPress generated strong passwords for all other WordPress site user accounts.
4. You must not knowingly engage in any action that is designed to weaken or exploit security on your GEMServers account or your WordPress site.
5. You must cooperate fully with our security analysts and investigators in their efforts to determine the cause of the incident.
This guarantee in no way supersedes GEMServers Terms of Service. Please refer to our Terms of Service for more information. Also, please contact us directly if you have questions.