Is it safe to manage my websites with Watchful?
Watchful is a powerful website maintenance tool and so security is of paramount importance. We focus our security efforts in four areas to maximize safety.
1. Secure communication protocols
Watchful relies on a secure connection to each of the sites in your account to obtain information and perform maintenance tasks. This connection is secured in two ways.
First, a unique Secret Key is generated when you install Watchful and add a site to your account. This key is required to connect to your site. Any attempts to connect to your site via Watchful without this key are rejected.
Second, the Secret Key is encrypted with a time-based token during communications and maintenance tasks. This protects against man-in-the-middle attacks: even if a bad actor is able to monitor requests from Watchful to your site (already a very difficult task), they would not be able to read or use the Secret Key for their own purposes.
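The page does not describe Watchful's actual token construction, so the following is an added illustration, not Watchful's code. It shows one common way a shared secret can be combined with a time window: an HMAC-SHA256 over the request, with an assumed 30-second window and hypothetical function names, so the key itself never travels with the request.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 30  # assumed token lifetime, not a Watchful value
ALLOWED_SKEW = 1     # also accept the adjacent windows to absorb clock drift


def _mac(secret_key, window, method, path, body):
    # Bind the token to the time window and to the exact request contents.
    body_hash = hashlib.sha256(body).hexdigest()
    msg = f"{window}\n{method.upper()}\n{path}\n{body_hash}".encode()
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()


def make_token(secret_key, method, path, body, now=None):
    """Sender side: derive a per-request token; the key is never transmitted."""
    window = int((time.time() if now is None else now) // WINDOW_SECONDS)
    return _mac(secret_key, window, method, path, body)


def verify_token(secret_key, token, method, path, body, now=None, seen=None):
    """Receiver side: recompute the token for nearby windows and compare."""
    current = int((time.time() if now is None else now) // WINDOW_SECONDS)
    candidate = token.encode()
    ok = False
    for window in range(current - ALLOWED_SKEW, current + ALLOWED_SKEW + 1):
        expected = _mac(secret_key, window, method, path, body).encode()
        # Constant-time comparison avoids leaking how many characters matched.
        ok |= hmac.compare_digest(expected, candidate)
    if not ok:
        return False
    if seen is not None:
        # Optional replay cache: a captured token is refused on second use.
        # A real service would expire entries once their window has passed.
        if token in seen:
            return False
        seen.add(token)
    return True


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    tok = make_token(key, "POST", "/maintenance/update", b'{"plugin":"x"}')
    print(verify_token(key, tok, "POST", "/maintenance/update", b'{"plugin":"x"}'))
```

A token captured on the wire stops verifying once its window has passed and does not reveal the key, but it only protects request authenticity; confidentiality of the traffic still depends on TLS.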
2. Secure data storage
Watchful monitors and stores a lot of data about each of your websites. This allows us to send you alerts when things change. It also allows you to view site activity logs and perform routine site maintenance.
All of this data is encrypted in our databases using the industry-standard AES-256 encryption algorithm. In the case of a data breach, the data would remain protected. Automated backups, read replicas, and snapshots are encrypted in the same manner.
3. No storage of files or sensitive credentials
Watchful does NOT store copies of any of the files on your web server/website. This includes configuration files for your CMS.
Similarly, we do not store any website backups. Any backups scheduled by Watchful are performed directly on your web server/hosting account. The backups are stored directly on your server or transferred to a cloud storage service per the configuration of your backup software.
As such, it is very, very difficult to obtain sensitive information about your sites (such as database credentials) via Watchful.
4. Secure account access (2FA)
As with your website, you must remain vigilant in restricting access to your Watchful account. Of course, using a strong account password is critical.
Additionally, we strongly recommend the use of 2-factor authentication to further block unwanted account access.