Our hosting infrastructure has a number of security-related configurations and practices that enhance security and protect your website.
- Each server is set up to progressively block IP addresses that are behaving in suspicious ways or failing server-level authentication too often in a short period of time. We can also explicitly add IP addresses to a permanent blocklist if we are made aware of bad actors, or remove such blocks ahead of their expiration if needed.
- Cloudflare protects against bots and all sorts of nefarious behavior.
- Requiring SSH keys means that anyone attempting to connect via SSH will be required to present a pre-authorized SSH key, and will never even be given the chance to try typing in a password. We manage the keys that are authorized from our 2FA-secured hosting dashboard. We only authorize our own keys on our servers, and our keys are only stored in our password manager (hence their use is gated with biometrics), to further limit the potential for damage through this means of access to the servers and sites.
- Each website uses its own user on the server, and the root user is disabled in favor of a sudo user, meaning that no single website has any way to affect any other website, nor see its files or database, nor affect the core operating system, and vice versa.
- Each website is only accessible over HTTPS and uses a TLS certificate that is automatically managed and issued by Let’s Encrypt. The certificates are valid for just 90 days, and should renew 30 days before they expire.
- Each server automatically installs all security updates for underlying services such as nginx, MySQL, PHP, Ubuntu, and more, and only alerts us if said updates require server reboots, which take only 2-3 minutes and which we aim to do in the evening. We regularly install other software updates manually.
- Only the required ports for HTTP, HTTPS, and SSH are exposed to the live internet.
- When the version of Ubuntu or MySQL a server is running is about to reach end-of-life, we migrate all sites on that server to a server running a newer version of that software.
Always Improving
We are always improving the security configurations and services that form the security backbone of the websites we host and maintain. We aim to keep this document updated as our practices evolve. We are actively involved in assorted WordPress and Statamic communities, and regularly read technology news, to help learn of new practices and security threats. If you have any suggestions for the security of our hosting infrastructure, please don’t hesitate to send them to us.