Created on 17.9.2025, last updated on 17.9.2025
Security in Culture & Processes
Security is not an extra for us, but an integral part of every project. When we implement websites, individual WordPress plugins or hosting solutions for you, we always make sure that we have a solid foundation. We are guided by European standards such as the Cyber Resilience Act (CRA), NIS2 and the GDPR. In concrete terms, this means:
- Secure by Design & Default – we develop according to best practices (OWASP, WP Coding Standards).
- Fast updates – we close critical security gaps within a few hours or days.
- Clear responsibilities – our hosting and maintenance contracts regulate exactly who installs which updates.
- Transparency – we keep changelogs for our plugins and communicate openly about updates in the monthly reports we send to our customers.
Concrete security measures
- Access: All admin and hosting access is protected with multi-factor authentication and follows the principle of least privilege.
- Passwords: All of the passwords we create are complex strings that password apps rate as “Excellent.”
- Backups: We create daily, encrypted backups and regularly test the recovery. In addition, we create external backups at longer intervals.
- Updates: We install WordPress core, plugins, themes, PHP and server patches promptly – critical updates immediately, others within 14 days.
- Monitoring & Incidents: Our systems run under 24/7 monitoring. In the event of security incidents, we respond within 24 hours and proactively inform affected customers.
- Standards: We are guided by ISO 27001, OWASP Top 10 and the requirements of the EU Cyber Resilience Act.
Vulnerability Disclosure Policy (VDP)
We would love for you to help us make our software more secure. If you find a security vulnerability in one of our plugins, integrations, or in a website we operate, please contact us.
How to reach us
- E-mail: security@anwert.io
What we promise
- We’ll confirm your report within 72 hours
- We usually resolve critical issues within 14 days
- We’ll keep you updated on the progress
- We won’t take legal action against you as long as you report responsibly
Responsible Reporting Guidelines
- Please no public posts until we provide a solution
- No exploitation of the vulnerability or access to third-party data
- No active interference with our services (e.g. DDoS tests)
WordPress Hosting
Hosting is the basis for every website – and a secure basis is important to us. We work with leading infrastructure partners (e.g. WP Engine, dedicated servers in the EU) and make sure that your site runs stably and is protected.
What we offer you
- Servers in the EU – GDPR and NIS2 compliant
- Daily backups – so nothing gets lost in an emergency
- Monitoring & Alerts – we keep an eye on your site 24/7
- DDoS & Firewall Protection – against the most common external attacks
- Regular updates – operating system, PHP and all important components
- SSL included – encrypted connections are standard
- ISO 27001:2022 certified
- SOC 2® Type II compliant
Service Level Agreement
So you know what you can rely on, here’s our hosting service level:
- Availability: 99.99% uptime per month
- Backups: daily backups, kept for at least 30 days
- Updates: security-related updates of server & PHP within 7 days
- Monitoring: 24/7 system monitoring with immediate alerting
- Response time: in case of critical incidents, we respond within 24 hours
WordPress plugins
We develop our own WordPress plugins, which we use in many customer projects. To ensure that they remain stable and secure, there is a clear maintenance and update policy:
- Lifetime support: We maintain our plugins for at least 5 years or as long as they are actively used in customer projects and we exist as a company.
- Security updates: We patch critical vulnerabilities within 14 days.
- Changelogs: We document each new version with release notes, which our customers can view if they want.
- Distribution: We deliver updates via our maintenance services (e.g. WP Umbrella, GitHub Releases or direct installation).