1. How often have you been DDOS attacked?
We have not yet been the victim of DDOS attacks and have never been blackmailed. Regardless, there is not much money to be made from us 😉
2. How do you protect yourself from other attacks?
The firewalls are configured so that, in addition to https, only the ssh protocol is permitted, for which a particularly secure cryptographic key is required for authentication (ED25519). If an attacker makes multiple failed attempts to access the network, he will be blocked.
3. What data can attackers steal if they hack you?
If our backup server were to be hacked, only encrypted data would be stolen. WordPress installations and WECHANGE portals run in individual, separate environments. If an attacker gains access to a WordPress installation, he or she will not have access to other WordPress sites or WECHANGE portals, and vice versa.
We do not collect any personalized metadata about users because advertising is not part of our concept. Accordingly, potential hackers cannot find out anything about users' usage behavior and cannot read anything in our internal analysis tool or carry out meta-analyses.
4. Do you always have the latest security updates?
All services that we do not develop ourselves are updated by our service partner as soon as security updates are available. WECHANGE is programmed in Django / Python. We implement Django security updates within a maximum of 10 days.
6. How do you protect yourself against cross-site scripting and similar?
All requests from the browser contain a CSRF (cross-site-request-forgery) token, which prevents other websites from forging requests to WECHANGE.