Security You Can Verify, Not Just Trust

We publish our actual security practices instead of hiding behind vague marketing claims. Here's exactly what we do, what we don't, and why.

What We Monitor, 24/7

Every IgnitionLabs-hosted site is under continuous monitoring. Not once an hour. Not once a day. Continuously. Here's what we watch:

Uptime & Availability

  • 1-minute ping intervals
  • Multi-region health checks
  • Automated alert escalation
  • Response time tracking

Threat Detection

  • Web Application Firewall (WAF)
  • Brute force attack blocking
  • Malware scanning (daily+)
  • File integrity monitoring

Infrastructure Health

  • Server resource utilization
  • Disk I/O and storage alerts
  • SSL certificate expiry tracking
  • DNS resolution monitoring

Incident Response: What Happens When Something Goes Wrong

Security incidents are categorized by severity. Here's exactly how we respond at each level:

Tier 1: Low Severity

Failed login attempts, minor scans, non-critical alerts

  • Automated blocking and logging
  • Pattern analysis for repeat offenders
  • Included in your regular status reports
  • No client notification unless patterns escalate

Tier 2: Medium Severity

Suspicious file changes, plugin vulnerabilities, targeted attacks

  • Immediate investigation by assigned technician
  • Containment within 1 hour
  • Client notification with plain-language explanation
  • Root cause analysis and prevention measures

Tier 3: Critical Severity

Active breach, data exposure, service-affecting compromise

  • Immediate containment (isolation if necessary)
  • Direct phone call to client within 30 minutes
  • Full incident response with timeline documentation
  • Post-incident report with root cause and remediation
  • Complimentary security hardening review

Proactive Security: What We Do Before There's a Problem

Software & Patch Management

  • WordPress core updates (tested before deployment)
  • Plugin and theme security patches
  • PHP version management and upgrades
  • Server-level security patches
  • Deprecated software identification and remediation

Hardening & Prevention

  • WordPress file permission hardening
  • Database prefix randomization
  • XML-RPC and REST API restriction
  • Admin URL obfuscation (optional)
  • Security header configuration (CSP, HSTS, X-Frame)

Backup & Recovery

  • Daily automated backups (file + database)
  • Off-site backup storage
  • Point-in-time recovery capability
  • Tested restore procedures
  • 30-day backup retention (minimum)

Access Control

  • SSH key-based authentication
  • Two-factor authentication (recommended)
  • IP allowlisting for admin access (optional)
  • Principle of least privilege
  • Activity logging for all administrative actions

An Honest Note About Certifications

We don't currently hold SOC 2 or ISO 27001 certification. Many small hosting companies don't, but few tell you that upfront.

Here's what we do instead: we follow security practices that align with industry frameworks, we document our procedures, and we're transparent about our capabilities. For clients who require formal compliance certification, we'll tell you honestly whether we can meet your requirements before you sign up.

We'd rather be honest about where we stand than wave a certification badge that doesn't mean what people think it means.

Security Partnerships

We partner with industry-leading security providers to extend our capabilities:

Cloudflare

CDN, DDoS protection, WAF, and DNS security

Sucuri / Wordfence

WordPress-specific malware scanning and firewall

Let's Encrypt / ZeroSSL

Automated SSL certificate management

Questions About Our Security Practices?

We're happy to discuss our security approach in detail. If you have specific compliance requirements, let's talk about them before you commit.

Start the Conversation → (844) 974-6781