We are happy with that healthy dose of skepticism because it is the attribute of a security-minded customer.

At Web Hosting Magic, the security of your account information, as well as your invoicing and payment information, is paramount and probably trumps everything else, well... along with uptime.

To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security and make every effort to ensure complete confidentiality.

Our billing system automatically encrypts your confidential information using the Secure Sockets Layer (SSL) protocol with an encryption key length of 256 bits, the highest encryption level commercially available.

We use Stripe as our payment processor and Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider.

This is the most stringent level of certification available in the payments industry.

 

We Use TLS and HTTPS

TLS refers to the process of securely transmitting data between the client (the app or browser that our customer is using) and our server.

This was originally performed using the SSL (Secure Sockets Layer) protocol. However, this is outdated and no longer secure and has been replaced by TLS. The term “SSL” continues to be used colloquially when referring to TLS and its function to protect transmitted data.

Payment pages make use of a modern version of TLS (e.g., TLS 1.2) as it significantly reduces the risk of us or our customers being exposed to a man-in-the-middle attack.

TLS attempts to accomplish the following:

  • Encrypt and verify the integrity of traffic between the client and our servers.
  • Verify that the client is communicating with the correct server. In practice, this usually means verifying that the owner of the domain and the owner of the server are the same entity. This helps prevent man-in-the-middle attacks.

Without it, there’s no guarantee that we’re encrypting traffic to the right recipient.

So, our customers are more comfortable sharing sensitive information on pages visibly served over HTTPS.
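The two TLS goals above can be checked from the client side. The following is an added example, not code from Web Hosting Magic or Stripe: a Python client that refuses anything older than TLS 1.2 and rejects a server whose certificate does not match the requested hostname. The host name in the usage line is a placeholder.

```python
import socket
import ssl


def strict_client_context() -> ssl.SSLContext:
    """Client context: system trust store, hostname check, TLS 1.2 or newer."""
    # create_default_context() already sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context()
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 even if the server offers them.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Attempt a verified handshake and report what was negotiated."""
    ctx = strict_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname drives both SNI and the certificate name check.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {
                    "ok": True,
                    "protocol": tls.version(),   # e.g. "TLSv1.2" or "TLSv1.3"
                    "cipher": tls.cipher()[0],
                }
    except ssl.SSLCertVerificationError as exc:
        # Wrong hostname, expired or untrusted certificate: the
        # "correct server" guarantee does not hold, so stop here.
        return {"ok": False, "reason": f"certificate rejected: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        # Includes servers that only speak protocol versions below TLS 1.2.
        return {"ok": False, "reason": f"connection or handshake failed: {exc}"}


if __name__ == "__main__":
    # Placeholder host; replace with the payment page's host name.
    print(probe("example.com"))
```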

 

Encryption Of Sensitive Data And Communication

All card numbers are encrypted at rest with AES-256.

Decryption keys are stored on separate machines. None of our internal servers and daemons are able to obtain plain-text card numbers. 

Our infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

 

Vulnerability Disclosure And Reward Program

Our security team rapidly investigates all reported security issues. 

If you believe you’ve discovered a bug in Web Hosting Magic’s security, please get in touch with our RedTeam.

We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Web Hosting Magic.

We understand the hard work that goes into security research.

To show our appreciation for researchers who help us keep our users safe, we operate a reward program for responsibly disclosed vulnerabilities.

Web Hosting Magic rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).

A minimum reward of 1 month of free hosting, and possibly more, may be provided for the disclosure of qualifying bugs.

At our discretion, we may increase the reward amount based on the creativity or severity of the bugs.

If you report a vulnerability that does not qualify under the above criteria, we may still provide a minimum reward of a free hosting account if your report causes us to take specific action to improve Web Hosting Magic's security.

 

As with most security reward programs, we ask that you use common sense when looking for security bugs.

Vulnerabilities must be disclosed to us privately with reasonable time to respond, and must avoid compromise of other users and accounts, or loss of funds that are not your own. We do not reward denial of service, spam, or social engineering vulnerabilities.

Although Web Hosting Magic itself and all services offered by Web Hosting Magic are eligible, vulnerabilities in third-party applications that use Web Hosting Magic are not.

As with most security reward programs, there are some restrictions:

  • We will only reward the first person to responsibly disclose a bug to us.
  • Any bugs that are publicly disclosed without providing us a reasonable time to respond will not be rewarded.
  • Whether to reward the disclosure of a bug and the amount of the reward is entirely at our discretion, and we may cancel the program at any time.
  • Your testing must not violate any laws.
  • We can’t provide you with a reward if it would be illegal for us to do so, such as to residents of countries under current U.S. sanctions.

Visit our Bounty Program page for more information.

 
