SECURITY

Why TourSoft is Always Up to Date & Secure

Why TourSoft is Secure

A tour website has many components which need to be kept up to date. Server software, CMS (WordPress) core, plugins, contact forms, signup forms, payment gateway, and booking system. TourSoft manages all this for you on our secure cloud server.

Keeping WordPress Updated

TourSoft is built on the WordPress CMS, which is world's most popular CMS, powering about 60% of the internet. The WordPress Security Team is made up of approximately 50 experts including lead developers and security researchers who work diligently to neutralize any vulnerabilities that surface within the WordPress core. Security patches are included in core updates that are released consistently and on a regular basis. In fact, since WordPress was initially released, over 2,450 security vulnerabilities have been quickly patched. Keeping WordPress up-to-date is by far, the single most critical action you can do for the security of your site. The TourSoft development team manages all these updates for you, ensuring your site is as secure as possible.

Theme & Plugin Management

Themes and plugins are essential ingredients of any WordPress website. Unfortunately, they can also pose serious security threats. It’s not just WordPress core that needs to be updated—you also need to keep your plugins and themes current and up to date. A recent study on WordPress security issues showed that 63% of WordPress vulnerabilities come from outdated plugins and themes. The TourSoft development team takes care of this for you by carefully managing both the core theme and all plugins used, ensuring they are always up to date with the latest security patches.

WordPress SSL

Another level of WordPress security is an SSL certificate. SSL stands for “secure socket layer,” and it creates an encrypted connection between your server and a user’s browser. You can tell when a site has SSL because the URL starts with https instead of just http. SSL is also required for many e-commerce sites as part of PCI compliance. Google is now paying attention to SSL and in the Chrome browser they’re noting sites that don’t use https as non-secure. All TourSoft sites include SSL by default so your site is automatically protected.

WooCommerce Security

TourSoft uses WooCommerce, the most popular eCommerce platform on the web. With over 43,775,000 downloads, WooCommerce powers over 28% of all online stores, so you can rest assured you're in good company. Security measures are built into WordPress and WooCommerce out of the box. With an SSL certificate we protect logins & credit card numbers. And any payment gateway you find on WooCommerce.com will use proper security standards.

Server Side Security

One of the most important aspects of site security is the server your site is hosted on. All TourSoft sites are hosted on a leading cloud server which provides international coverage for maximum speed and security. Each of their server facilities enforces multiple layers of security via a variety of technological and human measures. Beyond that, all their equipment is in locked cages. They enforce strict filtering rules to ensure that nodes can only communicate using their allowed IP addresses. This prevents nodes from spoofing other nodes' IPs or performing man-in-the-middle attacks on the private network. Nodes themselves operate within KVM virtualization, which ensures that each node has its own kernel and userspace, which are fully separate from other nodes. This ensures that a malicious node cannot access either the host itself or other nodes' resources.

TourSoft CDN explanation global map of Cloudflare access points

CDN Security

TourSoft uses the CloudFlare CDN (content delivery network) which improves the security, speed, and availability of a website by routing traffic to existing websites through their infrastructure. They've rapidly emerged in recent years to become a large player in the online world, with 5% of the globe's traffic now dependent on CloudFlare. By encapsulating your website within their service, they're able to provide services ranging from SSL-enabling sites to implementing firewall rules and security controls, all without touching the existing site. Cloudflare has built a global network of data center locations and partnerships to expand its DDoS protection, security tools and website acceleration services, and provides a large variety of security settings. From a DDoS protection to fully integrated WAF(web application firewall) In an emergency, their servers can be configured against ongoing HTTP-based DDoS attacks by enabling "I'm Under Attack Mode". This security mode can mitigate DDoS attacks by presenting an interstitial page to verify the legitimacy of a connection before passing it to your web server.

Get in Touch

Book your personal demo today!