Privacy Policy

WP-Optimize and WP-Optimize Premium are trademarks of Simba Hosting Ltd.
UK registered company number: 8570611, VAT number: 202 1260 80
Product development and marketing in co-operation with XIBO Ltd, Cardiff, UK.
This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

 

What personal information do we collect from the people that visit our blog, website or app?
When ordering on our site, you may be asked to enter your name, email address, billing address, phone number, credit card information or other details to help you with your experience.

When do we collect information?

We collect information from you when you place an order, subscribe to a newsletter or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To quickly process your transactions.
How do we protect your information?
As per the Data Protection Act 1998, your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information you supply is encrypted during transport via Transport Layer Security (TLS).
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
Credit card information
We do not directly store your credit card information. Credit card information handling is performed by a 3rd party payment processor (Stripe, or PayPal).
All payment transactions are processed through a gateway provider and no card details or card tokens are stored on our servers. We do store other billing, order and contact information on our servers.
Do we use ‘cookies’?
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We use cookies to:
  • Help remember and process the items in the shopping cart.
  • Understand and save user’s preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
We may also use trusted third-party services that track this information on our behalf (e.g. Google Analytics).
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies through your browser settings. Since all browsers are a little different, look in your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some features that make your site experience more efficient may not function properly.
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information. Credit card information handling is performed by a 3rd party payment processor (Stripe and/or PayPal).
Third-party links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Email newsletter:
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties or shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website’s email newsletter program.
Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is not a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will be detailed instead.
Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
As a UK-based company, whilst neither affirming nor denying that we are bound to accept the requirements of foreign laws, nevertheless, to comply with CalOPPA, we agree to the following:
Users can visit our site anonymously.
You will be notified of any Privacy Policy changes:
  • On our Privacy Policy Page
  • Can change your personal information:
  • By logging in to your account
Does our site allow third-party behavioural tracking?
It’s also important to note that we do not allow third-party behavioural tracking
In addition to the points above, as a UK-registered company, we are registered under UK data protection laws, such as the UK Data Protection Act 1998, and are subject to the resulting data protection requirements.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Last Edited on 2018-02-16

GDPR compliance with UpdraftPlus: encrypting the databases in your WordPress backups if they contain user data

GDPR is an important new data regulation coming into force soon across the whole of the EU. We’re working on fully complying ourselves with our own customer data, and have launched a Data and Privacy Centre here: https://updraftplus.com/data-protection-and-privacy-centre/.  This should be fully complete within the next few days.
As part of the law, many customers are asking if our software helps them be compliant.  We’ve put out details on what information we collect here.

One thing you need to ensure is that your backups of your customer’s private data are protected. To help with this, UpdraftPlus Premium can encrypt the data in your backups. It has an industry-standard AES encryptor keeps all of the sensitive WordPress installation data (e.g. passwords, lists of users, secret keys, etc.) stored in your database completely secure. Find out more here: https://updraftplus.com/shop/moredatabase/.

The post GDPR compliance with UpdraftPlus: encrypting the databases in your WordPress backups if they contain user data appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

Upcoming UpdraftPlus feature: Clone data anonymisation

As a WordPress user, you may have created a site with members who have been granted various levels of access other than admin; such as editor or moderator. As such, you should be aware that as the owner and admin of this site, should you attempt to clone the site and its members / level of access information, many of the details about these users is classed as ‘data’. Unless this data is handled carefully, it could result in violation of GDPR laws. 

Currently, in order to comply with GDPR laws when cloning a site and user data, you need to wipe or edit all of the relevant data on the cloned site immediately after it has been created. This task can be time consuming and annoying. 

UpdraftPlus has been working on a way to help administrators fix this issue. In the 2.16.47 version of UpdraftPlus onwards, when creating a backup, you will have the following different anonymisation options: 

Anonymise personal data for all users except the logged in user: This option will anonymise all personal data for all users except for the user who is logged in and creating the backup.

Anonymise personal data for all users except staff: This option is the same as the first option, but anyone with the following user roles will be counted as staff and their data will not be anonymised.

The current staff user roles are:

  • Administrator
  • Editor
  • Moderator
  • Shop_manager
  • Fue_manager
  • Plugin_manager
  • WPSEO_editor
  • SEO_manager 

We hope these updates will help users cloning sites, to be aware of and more easily comply with GDPR regulations.

The post Upcoming UpdraftPlus feature: Clone data anonymisation appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

How to increase security while developing a WordPress site

Sixteen years after its release, WordPress is the most popular content management system (CMS) in the world and currently powers around one-third of all sites on the web. As WordPress become more popular, it increasingly draws the attention of hackers who are eager to access the valuable information contained within a website, which in turn makes WordPress increasingly risky to use. 

According to an ongoing study and analysis conducted by EnableSecurity founder and CEO, Sandro Gauci, more than 70% of WordPress installations are vulnerable to cyber attacks. There are two main reasons for this:

  1. Users continue to use outdated WordPress software that is not equipped to handle the latest cyber threats.
  2. Users do not install any type of security measures to protect their websites from hacks. 

There can also another reason why WordPress sites are vulnerable to attacks. Users often install apps that do not provide full protection against destructive online activity. Developers may implement malware detection or a virus protection app to help with the security of the site, but these types of protective apps do not provide complete protection from all cyber threats and they do not actually prevent an attack. Instead, these apps typically work by dealing with the attack during or after its occurrence. 

What can WordPress site builders do to increase security while developing a WordPress site? 

Let’s explore some options below.

1. Use a virtual private network (VPN)

The best way to protect a WordPress site is to use a VPN service.

What is a virtual private network? 

A virtual private network (VPN) is at its core, an encrypted connection over the Internet from any IoT (Internet of Things) device to a private or public network. There are several ways a VPN provides this protection, ultimately preventing unauthorized users from accessing any device throughout the network. If a hacker cannot access a device or break the encryption, then they are unable to break into the WordPress site. 

Virtual private networks are widely used by individuals and companies alike because it is by far the most effective way to secure a network and all the digital assets and users contained within it. The main features of a VPN include:

  • Endpoint security through virtual tunnelling – Data is encapsulated and untraceable or unreadable.
  • IP masking – The WordPress site IP address (or user IP address) is given a different location in a remote area, while the actual IP address is hidden from the hacker.
  • All traffic and data are encrypted so that a hacker or other entity cannot read it.
  • All developer activity on the WordPress site during development is untraceable since the VPN keeps no records or logs of activity.

2. Find a reputable hosting provider

The simplest way to protect a site is to find a reputable hosting provider that also utilizes multiple strategies for security. Many hosting providers use VPNs to keep their data and users safe. 

Users should take care to avoid cheap providers that offer eye-catching savings. While the user may save money on the front end, the cost of using an unsafe provider could be devastating in the long run. A users WordPress data could be vulnerable to ransomware, spyware, viruses, or phishing. 

There are several options for choosing a safe WordPress hosting service. Experts and users generally recommend the following hosting services:

  • HostGator
  • A2 Web
  • DreamHost
  • Hostwinds
  • Liquid Web
  • 1&1 Ionos

3. Install a top WordPress security plugin

WordPress offers a wide range of security plugins from third-party providers that can add an additional layer of security to the site. Plugins can regularly monitor the site for strange code or unauthorized access to the account. They also offer such features as:

  • Audits for suspicious activity
  • Monitoring the integrity of files
  • Malware scanning & detection
  • Monitoring for blacklisted items
  • Tightening security in certain areas of the site
  • Hack detection & response
  • instant alerts & notifications
  • Website firewalls

Many of these plugins should only be used as a supplemental security measure. While they may be reliable, they do not prevent hacks. They only monitor the website and act as an intrusion detection system (IDS). A VPN is a better option for actually preventing a cyber attack. 

4. Create an impenetrable password

Most passwords manually created by users are weak. Why is this? They are often predictable, too short, or they contain a logical sequence of letters and numbers. For instance, most users create passwords that start with a capital letter, have 8 to 11 letters which is then followed by 2 to 4 digits. This combination of letters and numbers makes it relatively easy for hackers to figure out the password.

The best passwords are at least 10 digits long and use a jumbled combination of numbers, symbols, and letters that make no logical sense and have no connection with the user. The more complex the password, the more secure the WordPress site. 

5. Get an SSL certificate

No website should exist without a secure sockets layer (SSL) certificate. But what is an SSL certificate? 

An SSL Certificate is a small data file that attaches a cryptographic key to the website / company details. Once the SSL is installed on the web server, it activates a digital ‘padlock’ or HTTPS protocol which virtually guarantees a secure connection from the server to the browser. SSL certificates are valuable for WordPress site builders who plan to operate an eCommerce store, engage in substantial data transfer, or create a site that will host lots of interactive features. 

SSL is mandatory for any WordPress site where the owner requests to store private or sensitive data such as account setup or payment information. SSLs also prevent data from being delivered in plain text, which would make it much easier to hack. 

With all the security threats that endanger websites today, WordPress site developers should take multiple precautions for securing their sites. Start by using a VPN to create a barrier around both the site and the network. From there, developers can use practical methods such as finding a reputable host, using sensible passwords, and utilizing security plugins. Every bit helps to ensure that a website is safe for all who visit.

Add two factor authentication and UpdraftPlus plugins

The post How to increase security while developing a WordPress site appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

Important – new privacy centre & how do YOU hold user data on your WordPress site?

Do your WordPress sites contain EU user or customer data?  If so, today is GDPR day which means you now legally need to consider the privacy and security of their data whether or not you’re in the EU.

If you backup your WordPress site with EU user data, then you need to consider the security of those backups. UpdraftPlus Premium can protect the customer data in your backups by encryption and lock settings access. It can also delete old backups, which is another important consideration as you mustn’t keep unused EU user data under GDPR.

If you’d like to see our own privacy policies on how we protect your data (or unsubscribe from this newsletter), then we’ve built a helpful privacy centre here.

The post Important – new privacy centre & how do YOU hold user data on your WordPress site? appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.