SELF-HOSTED INSIDE MULTIPLE LAYERS OF PROTECTION
The most trust-worthy system is one that you don’t have to trust.
That is why we built InfiniteWP as a self-hosted platform with security and privacy at the core.
How is a self-hosted tool more secure for you?
Don’t you hate it when Facebook changes their policies and all of a sudden your private images are openly available to the whole world? That can happen to your websites while using a hosted solution. They can change the rules whenever they want. Owning code isn’t something people think about until something bad happens. A self-hosted platform is innately private and it’s security is absolutely under your control.
Since you’re hosting it on your server, search engines will not index the page and potential attackers will not have a list of sensitive directories to attack.
INVISIBLE TO THE WORLD
You decide where you want to install the admin panel. Be it in the root folder or in some password-protected folder deep down a chasm in your server.
Fortify your admin panel with multiple layers of protection
In addition to being self-hosted, there are steps you can take to secure your admin panel.
When you install a SSL certificate and enable HTTPS for the admin panel, all communications between the browser and your admin panel will be encrypted. This prevents a malicious person from eavesdropping on your data also ensures that the data is being sent only to the intended server.
2 FACTOR AUTHENTICATION
In the event of someone gaining access to the location of your panel, logging in with just a email + password combination is very unsecure. Weak passwords can be easily cracked. With 2FA, login requests have to be authenticated via email, sms or a mobile app. This adds an extra layer of protection to your panel.
You can password-protect the folder where you have installed the admin panel. So, even if someone knows the location of your panel, they will still need to enter the password to go into that folder. It also safeguards your panel from brute force attacks when an attacker recursively makes password guesses at random.
You will be able to login to your panel only from specific IP addresses that you explicitly white-list or allow access. This means that once you add your static IP or IP range to the list of allowed IPs no one else will be able to access it, even if someone knows your panel URL.
All your data transmissions are secured with OpenSSL
ENCRYPTION & IDENTIFICATION
OpenSSL encrypts all your data that is being sent, with a private key + public key combination. This means that even if a hacker somehow grabs the data mid way, it will be total gibberish since it’s encrypted. Even with a super computer, it will take them more than a 1000 years to decrypt. So yea, it’s super secure.
All communication between your WordPress site and the admin panel begins with a secure handshake. This handshake will consist of sending multiple certificates. Both servers agree upon the type of encryption to use and create a session ID so that all data sent during that session will reach only the intended recipient server. Simply put, SSL ensures that your data is not sent elsewhere.