Security baseline
The security baseline is implemented across the server, app, transport, and mail layers. Controls are named explicitly in the service pages: CloudLinux and Imunify360 for host isolation/protection, SSL for transport, and SPF/DKIM/DMARC for mail trust.
Control layers
| Layer | Baseline controls | Operational intent |
|---|---|---|
| Infrastructure | CloudLinux isolation + Imunify360 security stack | Contain cross-account risk and improve server hardening baseline |
| Transport | SSL/TLS setup with renewal lifecycle management | Prevent plain-text exposure and certificate lapse incidents |
| Mail | SPF + DKIM + DMARC configuration | Reduce spoofing and improve deliverability integrity |
| Recovery | JetBackup-based backup policy with restore planning | Preserve recovery path for failure or compromise scenarios |
| Application | WordPress core/plugin update discipline (via Care model) | Reduce known-vulnerability exposure in production |
Operational rules
- Do not defer security-critical updates without written risk acknowledgment.
- Keep credential access least-privilege and role-bound.
- Treat backup restore verification as recurring, not one-time.
- Validate mail-auth records after DNS or provider changes.
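A check for the mail-auth validation rule above, as an added example that is not part of the original page or the provider's tooling: it inspects TXT record strings already fetched from DNS (for example with `dig TXT`) and reports the breakage that commonly follows a DNS or provider change. The domain, record values and function names are constructed for illustration, and the SPF lookup count covers only the top-level record, not nested includes.

```python
import re

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(apex_txt):
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # a leftover record from the old provider is the usual cause
        return [f"SPF: expected exactly 1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    findings = []
    # RFC 7208 allows at most 10 DNS-querying terms per evaluation.
    dns_term = r"[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))"
    lookups = sum(bool(re.match(dns_term, t)) for t in terms)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-querying terms exceed the limit of 10")
    final = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not final and not any(t.startswith("redirect=") for t in terms):
        findings.append("SPF: no 'all' mechanism or redirect modifier")
    elif final and final[-1] in ("all", "+all", "?all"):
        findings.append(f"SPF: '{final[-1]}' does not reject unlisted senders")
    return findings

def check_dkim(selector_txt):
    if len(selector_txt) != 1:
        return [f"DKIM: expected exactly 1 record, found {len(selector_txt)}"]
    has_key = parse_tags(selector_txt[0]).get("p")
    return [] if has_key else ["DKIM: empty or missing p= tag, no usable public key"]

def check_dmarc(dmarc_txt):
    recs = [r for r in dmarc_txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"DMARC: expected exactly 1 record, found {len(recs)}"]
    policy = parse_tags(recs[0]).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return [f"DMARC: missing or invalid p= tag ({policy!r})"]
    return ["DMARC: p=none requests no action on failing mail"] if policy == "none" else []

def audit(zone):
    return check_spf(zone["apex"]) + check_dkim(zone["dkim"]) + check_dmarc(zone["dmarc"])

# Constructed records for the placeholder domain example.com (key value is a dummy).
BEFORE = {"apex": ["v=spf1 include:_spf.old.example -all"],
          "dkim": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
          "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}
AFTER = {"apex": BEFORE["apex"] + ["v=spf1 include:_spf.new.example ~all"],
         "dkim": ["v=DKIM1; k=rsa; p="],
         "dmarc": ["v=DMARC1; p=none"]}
```

Calling `audit(BEFORE)` returns an empty list, while `audit(AFTER)` returns one finding each for the duplicate SPF record, the empty DKIM key and the downgraded DMARC policy.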
Event handling
1. Detect: Capture suspicious signal from monitoring, logs, or client report.
2. Contain: Apply isolation or access controls to limit spread.
3. Recover: Restore known-good state using validated recovery path.
4. Review: Document root factors and prevention actions.
Critical reminder: Security incidents require immediate containment priority over feature continuity. Preserve evidence before destructive cleanup actions.