Q: How does Windmill Strategy ensure website security, and what should I know about potential risks?
At Windmill Strategy, we prioritize the security of your website by hosting all of our sites on WPEngine, a platform known for its industry-leading security measures. WPEngine is SOC2 Type II and SOC3 compliant and holds ISO 27001:2013 certification, providing a solid security foundation for WordPress marketing websites. Their base level of security is robust enough to protect against common threats.
For clients requiring additional security layers, we can implement further measures to guard against less common vulnerabilities, tailoring security solutions to your site’s specific needs.
Potential Risk: HTTP URLs in Redirect Chains
One security concern is an HTTP URL in a redirect chain. Because that hop travels unencrypted, a malicious actor could tamper with it and send visitors to an unauthorized destination during the redirect process. While this risk is more significant for websites collecting sensitive information (like payments), most marketing websites aren’t typically targeted in this way. However, we recommend minimizing HTTP in redirects as a best practice.
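One way to audit a site for this, shown as an added example that is not Windmill Strategy's or WPEngine's own code: the script follows a redirect chain one hop at a time and reports every plain-HTTP hop, marking those that downgrade from HTTPS. The function names are hypothetical and the `example.com` responses are constructed sample data.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def live_fetch(url, timeout=10):
    """One HEAD request, redirects not followed: (status, Location or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(start_url, fetch=live_fetch, max_hops=10):
    """Follow the chain one hop at a time and return every URL visited."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return chain
        url = urljoin(url, location)  # Location may be a relative path
        if url in chain:
            raise ValueError(f"redirect loop at {url}")
        chain.append(url)
    raise ValueError(f"more than {max_hops} redirects")

def insecure_hops(chain):
    """List each plain-HTTP hop; downgrade=True if the previous hop was HTTPS."""
    findings = []
    for i, url in enumerate(chain):
        if urlsplit(url).scheme.lower() != "https":
            downgrade = i > 0 and urlsplit(chain[i - 1]).scheme.lower() == "https"
            findings.append({"hop": i, "url": url, "downgrade": downgrade})
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "https://example.com/promo": (301, "http://www.example.com/promo"),
    "http://www.example.com/promo": (302, "/landing"),
    "http://www.example.com/landing": (301, "https://www.example.com/landing"),
    "https://www.example.com/landing": (200, None),
}
if __name__ == "__main__":
    for finding in insecure_hops(trace_redirects("https://example.com/promo", SAMPLE.__getitem__)):
        print(finding)
```

Calling `trace_redirects(url)` without a `fetch` argument uses `live_fetch` against the real site; any hop reported with `downgrade` set is the first redirect to change so that it points at an HTTPS URL.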
For more information on security:
- WPEngine Security Headers: Implement these on all sites to improve security.
- WPEngine Security FAQ: A useful resource for clients.
If you have any specific security concerns, our team is available to assist.