Security, Backups and Business Continuity Planning

Our systems are very secure. Please review all of the ways we keep your content safe and secure, and learn how we would continue after a major catastrophe.

Secure Web Servers 

Our platform uses a "push publish" technique, meaning that most of the public facing web pages are served statically on physically remote servers. This approach also makes our websites very fast, reducing the time to first byte (TTFB).

SSL Certificates

SSL certificates are provided free on all standard hosting plans and above. SSL certificates are provided by Let's Encrypt. SSL certificates keep customer interactions with your website safe from third-party snoopers.

TLS Versions

Our web servers only support the latest TLS versions. We do not use SSL v2, SSL v3 or TLS 1.0. Restricting connections to the newer protocol versions ensures the highest level of security for communication between the web browser and the web server. It should be noted that this high level of security may cause very old computers to be unable to view websites. TLS 1.1 is currently under review, but continues to be offered so that more people on old devices can view your websites.

Secure File Storage

Private member files, provided during member registration or form posts, are stored in a secure file repository. These files can only be accessed by secured users, or via special links with hashing codes.

Secure Database

Our database runs in a multi-AZ environment, ensuring your data is safe. Should one server fail, the other backup server will automatically continue service. This feature is well tested, as the servers pass over to each other on a regular basis during server upgrades. We run the latest security patches on our database. Our database access is also secured, such that it can only be accessed from our specified IP addresses.


We use an incremental timed backup, such that we can restore a website to a specific point in time, up to 2 weeks in the past. In addition, we provide additional backups at other ad hoc points in time.

We have offsite backups (in different countries) to deal with a major catastrophe in a geographical region. We have offline backups, to guard against the unlikely event of a hacker gaining access to online backups. Offline backups are storage devices that are not connected to power or the internet.

Closed Source System

Our platform is closed source, meaning that only authorised persons have access to the source code. In comparison, open source systems can expose holes to unscrupulous users.

Vulnerability Tests

We regularly run vulnerability tests on random websites, and action any important issues. 

Uptime Monitoring

We run regular health checks using multiple third-party monitoring tools, such that our systems administrators are alerted to resolve any issue urgently.

Firewalls and Rate Limiting

We run 2 different firewalls. We use an industry standard firewall that is integrated with our web server. This firewall secures our web servers against many well-known attacks. We also run a custom firewall at the application level, which blocks many common attacks and rate limits robots attempting to brute force their way in, or bring your website down in a denial of service attack.

Spare Capacity and Load Balancing

Our servers are all tuned to run at around 10% of CPU usage. This allows the servers to burst up to 10 times the normal amount of activity. We also provide load balancing, so that web servers with spare capacity can take on more load if another server is busy. 

reCAPTCHA and Robot Blocking

All web forms are secured by our own custom AI anti-robot firewall. This firewall looks for common spam approaches, and will force a user to complete a reCAPTCHA step. reCAPTCHA fields are provided by Google, and attempt to confirm that a human is completing the form. You can also choose to use a reCAPTCHA on all your forms. Our AI anti-spam system for forms will learn from other users marking received enquiries as spam.

Server Patching

We patch our servers regularly, to ensure they are up to date to prevent any known operating system issues. 

Member Security

We provide a security layer that you can use to provide authorised persons access to specified pages and content. You can manage member access levels, as well as assign members to multiple groups. Pages can be secured by access level and/or by member groups. Security access involves the typical approach of a member's email address as their username, and a quality password that is automatically generated by our system. We make it easy for your customers and members to log in, via a single link or button, containing a secure hash.

Email Security

All email is sent and received via secure servers, requiring authentication. We use SPF and DKIM techniques to validate your email as authorised, and to inform other email servers not to accept email that is not from authorised mail servers. That said, your email account is only as secure as your own protection of your username and password. To ensure the safety of other users of our servers, we rate limit send speeds for all users, and we independently monitor any possible blacklist status. Our email servers have a very good reputation, and users of our own bulk email service enjoy good deliverability and read rates.

2 Factor Authentication

2FA is available for users to increase security over their CMS / Control Panel logins. Our web masters can also offer 2FA to their customers to protect their logins. Our cloud systems infrastructure is also protected by 2 factor authentication, with additional restrictions such as IP routes and SSH keys.

Other Administrator Access Privileges 

You can assign limited access to your staff and contractors, such that they can only access limited sections of our website content management system. For example, some staff may only access POS, or an SEO expert can only access your SEO meta tags, but not ecommerce reports.

Logging and Monitoring

We log all sorts of system activity, such as web and email, as well as most update actions within the CMS. We regularly monitor these logs using automated tools to alert us to any suspicious behaviour, or to audit the root cause of any issues. 

Business Continuity Plan

Our core team members work in geographically remote parts of New Zealand. Our servers are situated around the globe, and our backups are stored in geographically remote locations. Our infrastructure has built-in redundancy, which automatically deals with micro outages and reroutes traffic.

Should disaster strike one part of the world, we do not foresee any long-term outage of services. Data loss would be minimal, and the loss would be limited to transactional data, or changes, over a short timeframe. We have multiple routes to recovery of services and data.

Domain Security

Website World was awarded the "Most Secure Domain Portfolio" by the dot nz registry in 2019. Website World regularly reviews the quality of our registrant data. Website World also offers a domain DNS locking feature, to prevent unauthorised changes.