Security & Compliance
Frequently Asked Questions

All websites require some level of security. Based on the type of website, it will determine what and how such security measures are necessary. Your site viewers want to trust that your website will not serve them infected content and will not expose their private data. At Right Turn Web, we find it incredibly sad to see so many websites (especially those on WordPress) that lack even basic security. So many web companies claim they are web developers when, in fact, they are just web designers. There is a HUGE difference between the two. If you are working with a company that suggests using a platform like WordPress (or has already done so), you should ask them why and what precautions they plan to implement to keep your website secure. When "developed" properly, WordPress can be a viable tool in the right circumstances. All too often however it is used as the go-to option instead of a choice. If your web company suggests WordPress to you, they should clearly explain why and what specific actions they are taking to secure it. And they (you should request) put in writing. They should also explain what their role will be if the site is hacked and whether they will provide a fix at no additional charge. Unfortunately, many less-than-honest web companies understand and leave in WordPress vulnerabilities as they believe "future fixes and maintenance" is a good business model for ongoing revenue. Right Turn Web operates on a higher moral standard.

• • Due to its popularity, WordPress faces about 90,000 attacks per minute.
• • Nearly 8% of WordPress websites are hacked due to weak passwords.
• • WordPress websites are highly susceptible to vulnerabilities when they aren't updated regularly.
• • Nearly 61% of attacked websites were outdated.
• • 52% of WordPress vulnerabilities arise from outdated plugins.
• • Nearly 42% of WordPress sites have at least one vulnerable component.
• • Compared to WordPress, which faces 95.6% of attacks, OpenCart only faces 0.35% of cyber attacks.
• • In many cases, we see the most egregious issues when so-called web companies develop sites on WordPress, specifically in their failure to hide the admin login page. This failure creates a straightforward first step for an attacker to gain complete administrative control of a WordPress website and also to steal all associated client/customer information. To easily test if your WordPress website has been left vulnerable (intentionally or unintentionally), add the following to the end of your domain. "/wp-admin". (Example: yourdomain.com/wp-admin). If you found it that easy, just think how easy it will be for all the hackers. How secure do you feel now? What are you going to do about it? Need our help?

Yes, we offer maintenance contracts tailored to meet our clients' specific needs.

Yes. GDPR refers to data protection regulations under the European Union, and CCPA refers to data regulations under the California Consumer Privacy Act.

We maintain a local backup of all our clients' web projects. We also maintain a cloud backup for redundancy. When working with clients, we will advise on various types of website hosting servers and additional backup options available through them. When a backup is needed, the idea is that backups are located at multiple places to ensure as rapid and hassle-free a recovery as possible.

We develop with security as a priority. We have certification through Palo Alto Networks in Cybersecurity Foundation. In many cases where security is an issue, this is due to vulnerabilities on the user's side. We work with clients to explain effective security protocols, how to mitigate cybersecurity risks, and how to train employees as needed on best practices to minimize security threats. For web-based files, we maintain multiple tiers of backups and encourage clients to back up their data at the server level as needed, to help ensure backups are available when required, whether due to natural disasters or a breach.