Security Policy

We build security software. That means we hold ourselves to higher standards than most when it comes to protecting data. This page explains our approach.


How We Think About Security

Security isn’t a feature you add at the end. It’s built into how we develop, deploy, and operate Content Guard Pro. We assume we could be targeted and design accordingly.

That said, we’re honest about limitations. No system is perfectly secure. Anyone who claims otherwise is either naive or lying. We do our best, stay vigilant, and keep improving.


Infrastructure

Hosting

Our infrastructure runs on reputable cloud providers with:

  • ISO 27001, SOC 1, 2 and 3 certifications
  • Physical security (access controls, surveillance, environmental protections)
  • Redundant power and networking
  • Regular third-party audits

Network Security

Multiple layers:

  • Firewalls and intrusion detection
  • DDoS protection
  • Network segmentation
  • Encrypted connections (TLS 1.2+)
  • Regular vulnerability scanning

Access Control

We limit who can access what:

  • Role-based access control
  • Multi-factor authentication for all administrative access
  • Principle of least privilege
  • Regular access reviews
  • Immediate revocation when roles change

Application Security

How We Build

  • Security-focused code reviews
  • Static and dynamic security testing
  • Dependency vulnerability monitoring
  • Input validation and output encoding
  • OWASP Top 10 protections

The Plugin Specifically

Content Guard Pro follows WordPress security best practices:

CSRF Protection: Every form and AJAX request uses WordPress nonces.

Capability Checks: Every action verifies the user has permission (current_user_can()).

SQL Injection Prevention: All database queries use $wpdb->prepare().

Output Escaping: All output is escaped appropriately (esc_html(), esc_attr(), esc_url()).

Input Sanitization: All user input is sanitized before processing.

Secure Defaults: The plugin ships configured safely out of the box.

Pattern Updates

Detection pattern updates are:

  • Cryptographically signed before distribution
  • Verified against a hardcoded public key before application
  • Delivered over HTTPS
  • Capable of rollback if issues occur
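
One way a plugin could implement the verify-then-apply flow listed above. This is an added example, not Content Guard Pro's code: Ed25519 signatures via libsodium, the JSON payload shape, the version check, and the `cgp_*` names are all assumptions.

```php
<?php
// Added example. Assumptions: Ed25519 detached signatures (libsodium), a JSON
// payload {"version": int, "patterns": [regex, ...]}, hypothetical cgp_* names.

function cgp_apply_update(string $payload, string $sig, string $pinnedKey, array $state): array {
    $reject = fn(string $why) => ['ok' => false, 'reason' => $why, 'state' => $state];
    // 1. Authenticate the raw bytes before parsing them. The length check avoids
    //    the SodiumException thrown for wrong-sized signatures.
    if (strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES
        || !sodium_crypto_sign_verify_detached($sig, $payload, $pinnedKey)) {
        return $reject('bad signature');
    }
    $new = json_decode($payload, true);
    if (!is_array($new) || !is_int($new['version'] ?? null) || !is_array($new['patterns'] ?? null)) {
        return $reject('malformed payload');
    }
    // 2. A valid signature on an old file is still a downgrade: refuse replays.
    if ($new['version'] <= $state['active']['version']) {
        return $reject('stale version');
    }
    // 3. Every pattern must compile, or the current set stays in place.
    foreach ($new['patterns'] as $p) {
        if (!is_string($p) || @preg_match($p, '') === false) {
            return $reject('invalid pattern');
        }
    }
    // 4. Swap in the new set and keep the old one for rollback.
    return ['ok' => true, 'reason' => 'applied',
            'state' => ['active' => $new, 'previous' => $state['active']]];
}

function cgp_rollback(array $state): array {
    return $state['previous'] === null
        ? $state
        : ['active' => $state['previous'], 'previous' => null];
}

// Constructed demo data: a throwaway keypair stands in for the vendor's signing
// key; in a plugin the public half would be a constant shipped in the code.
$kp      = sodium_crypto_sign_keypair();
$pub     = sodium_crypto_sign_publickey($kp);
$state   = ['active' => ['version' => 1, 'patterns' => ['/eval\(/i']], 'previous' => null];
$payload = json_encode(['version' => 2, 'patterns' => ['/eval\(/i', '/<iframe\b/i']]);
$sig     = sodium_crypto_sign_detached($payload, sodium_crypto_sign_secretkey($kp));
$tampered = cgp_apply_update(str_replace('iframe', 'script', $payload), $sig, $pub, $state);
$good     = cgp_apply_update($payload, $sig, $pub, $state);
$back     = cgp_rollback($good['state']);
printf("tampered: %s\ngenuine: %s (v%d)\nafter rollback: v%d\n", $tampered['reason'],
       $good['reason'], $good['state']['active']['version'], $back['active']['version']);
```

The signature is checked over the exact bytes received, before `json_decode()` runs, so an unauthenticated payload never reaches the parser or the regex engine.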

Data Protection

In Transit

All data between your browser/plugin and our servers uses TLS 1.2 or higher with strong cipher suites.

At Rest

Sensitive data stored on our servers is encrypted with appropriate key management.

Minimization

We collect only what we need:

  • Scan results stay on your server—we don’t receive your content
  • URLs for reputation checking are processed in real-time, not stored
  • Site URLs are hashed for privacy

Backups

We maintain encrypted, geographically redundant backups of our code and API databases with regular restoration testing. You are responsible for your own website backup.


Operations

Monitoring

  • 24/7 automated monitoring
  • Security event logging and alerting
  • Regular log review
  • Anomaly detection

Incident Response

We have a documented incident response plan covering:

  • Roles and responsibilities
  • Communication procedures
  • Investigation and containment
  • Post-incident review and improvement

Business Continuity

  • Regular tested backups
  • Disaster recovery procedures
  • Redundancy for critical services

Vulnerability Disclosure

If You Find Something

We welcome responsible disclosure. If you discover a security issue:

Email: [email protected]
PGP Key: Available on request

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested remediation (if you have one)

Our Commitment

When you report a vulnerability:

  • We’ll acknowledge receipt within 48 hours
  • We’ll provide an initial assessment within 7 days
  • We’ll keep you informed of progress
  • We won’t take legal action against good-faith researchers
  • We’ll credit you publicly if you want (and the issue is valid)

Guidelines for Researchers

We ask that you:

  • Give us reasonable time to fix issues before public disclosure
  • Avoid accessing, modifying, or deleting others’ data
  • Don’t perform denial-of-service attacks
  • Don’t social-engineer our team

Third Parties

Vendor Assessment

We evaluate the security practices of services we depend on:

  • Cloud infrastructure
  • Payment processors
  • Analytics providers
  • Reputation data sources (Google Safe Browsing, PhishTank)

Integration Security

Third-party integrations use:

  • Encrypted connections
  • Server-side API key management (never exposed to clients)
  • Rate limiting
  • Fallback mechanisms

What We Can’t Do

Security Is Shared

We secure our infrastructure and code. You’re responsible for:

  • Your WordPress installation: Keep core, themes, and plugins updated
  • Access credentials: Use strong, unique passwords; enable 2FA
  • Your hosting environment: Choose reputable hosts with security features
  • Backups: Maintain and test them regularly
  • Responding to findings: Don’t ignore Critical findings

No Guarantees

We implement solid security practices. But we can’t guarantee:

  • Our measures will prevent all incidents
  • The plugin will detect every threat
  • Your site will be secure because you use our tool

Content Guard Pro identifies potential database-level security issues. It’s one tool in a layered security strategy. Use it alongside file scanners, firewalls, strong passwords, regular updates, and good backups.


Liability

Our liability for security incidents is capped as described in our Terms of Service.

This isn’t us being evasive. It’s us being realistic about what any vendor can reasonably promise.


Your Security Checklist

To get the most from Content Guard Pro:

  1. Keep software updated: WordPress, themes, plugins, PHP
  2. Use strong passwords: Unique for every account
  3. Enable two-factor authentication: On WordPress and everywhere else
  4. Maintain backups: Test them periodically
  5. Review findings promptly: Critical issues deserve immediate attention
  6. Use reputable hosting: Security features matter
  7. Limit admin access: Only give permissions people actually need
  8. Don’t rely on one tool: Content Guard Pro + file scanner + firewall + backups = better than any single solution

Updates

We update this policy as practices evolve. Significant changes will be announced on our site.


Contact

Security issues and general questions: [email protected]

 
