Cornershop takes data security seriously. We treat your confidential and sensitive information with the same level of security that we would want for our own data. The following provides details on how we provide that security and what measures Cornershop takes to ensure your data is secure and private.
To make sure your site is secure and stable, we implement several security practices and monitoring services. Most importantly, we focus on updating plugins regularly, and use the Wordfence security plugin for its firewall and two-factor authentication features. On sites with high traffic, we have additional recommendations that can be applied, such as Cloudflare’s web application firewall and Bot Fight Mode.
Firewalls use rulesets maintained by security experts to detect and block malicious activity of all kinds. Wordfence is specifically geared toward WordPress sites, so its ruleset is designed to handle common WordPress attack vectors, including known security holes in older plugins, and any new unpatched exploits that might be discovered in the WordPress platform.
Two-factor authentication prevents attackers from logging into your site even if they manage to steal or guess your password.
Learn more about our website security practices through the following links:
All files provided to Cornershop are stored in a secure Google Drive folder that is only accessible to our team. We use 1Password to store passwords and credentials provided to Cornershop. This data is encrypted, and only people working on that project have access to your data, as well as our management and IT teams.
In addition, all employees are expected to keep the highest security standards on their Cornershop provided computers, including:
Keeping all software up to date
Practicing good password management
Not leaving devices unattended
Having a password on the computer
Not sending sensitive data (including passwords) over email unless encoded via an expiring password service
Not storing data on temporary or removable drives
Additionally, all employees have attended or viewed at least one security training by an outside security preparedness vendor.