#28367 Firewall and Htaccess

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Wednesday, 04 October 2017 17:17 CDT

Stuart Taines
Hello,
I would like to pay a developer to go into the backend and complete the following tasks:
- Redirect all traffic to HTTPS
- Set up the .htaccess properly within Admin Tools to the highest level of security
- Set up the firewall within Admin Tools to the highest level of security.
- If you have any information on how to encrypt customer information held in the Rsforms and EventsBooking databases that would also be most helpful.
Please advise.
Thank you!
Stuart

Stuart Taines
Ok. Already did the https redirects...the other points remain.

nicholas
Akeeba Staff
Manager
Hello Stuart,

I'm afraid we cannot provide such a service. Frankly, we do not have any time to spare on custom projects. We are already working full time -and then some- to develop and support our software.

On top of that, security is a process, not something you install and forget. I have been saying that in all of my security presentations the last seven years :) Having good security requires knowing how the site works and adapting to its changes over time. Security is meant to be part of your business process, not an afterthought. The only way outsourcing security could ever work is if you outsourced the complete management of your site, from the hosting environment to the last plugin installed. This is something that requires a lot of time and comes with a high cost. We don't offer that service.

What we do offer is a tool which can be used as part of your security regimen. The documentation is a long read but it doesn't just tell you to click here and click there or copy-paste the titles of the security features. It is designed to teach you about site security, practical threats and how we're dealing with them with Admin Tools features. It also tells you how these could interfere with the workings of your site so that you have a good clue of what's going on. At the end of the day you know how your site is set up, its demographic and can decide whether to favor security over convenience. I recommend taking the time to carefully read through the documentation and slowly work through your site's security setup. It will take time but by the end of it (about 3-4 days) you will have a good grasp on basic security concepts and confidence that you know what you're doing.

Regarding the last part, encryption of data at rest, I don't see that being feasible. You cannot slap encryption at the application level and be done with it. For starters, it requires massive changes in the software, essentially writing new software almost from scratch. Furthermore, this would completely break the database search. Not to mention that if you want that to store credit card information it'd land you in hot legal water as it'd not fulfill the requirements of Payment Card Industry (PCI) certification. Getting PCI certified requires crazy things like biometric access control to the physical material holding the information, incinerators and tamper-proof hardware encryption. It's not something you'd like to do unless you have a few dozen millions to spare - in which case I doubt we'd be having this conversation. The best thing to do is to not ask people for their CC over unencrypted email. In fact, don't ask them for their CC at all; use a third party payments processing service (like a bank) and don't even keep the full CC number on hardcopy. Stop thinking about encrypting data at rest, it's not what a small to medium business should ever be doing (you don't have the resources to do it properly and anything else means that you are facing unacceptable legal risk).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
