Main Support

Is it safe to manage my websites with Watchful?

Watchful is a powerful website maintenance tool and so security is of paramount importance. We focus our security efforts in four areas to maximize safety.

1. Secure communication protocols

Watchful relies on a secure connection to each of the sites in your account to obtain information and perform maintenance tasks. This connection is secured in 2 ways.

First, a unique Secret Key is generated when you install Watchful and add a site to your account. This key is required to connect to your site. Any attempts to connect to your site via Watchful without this key are rejected.

Second, the Secret Key is encrypted during communications/maintenance tasks with a time-based token. As such, we protect against man-in-the-middle attacks. In other words, even if a bad actor is able to monitor requests from Watchful to your site (already a very difficult task), they would not be able to read or use the Secret Key for their own purposes.

2. Secure data storage

Watchful monitors and stores a lot of data about each of your websites. This allows us to send you alerts when things change. It also allows you to view site activity logs and perform routine site maintenance. 

All of this data is encrypted in our databases using the industry standard AES-256 encryption algorithm. In the case of a data breach, the data would remain protected. Automated backups, read replicas, and snapshots are encrypted in the same manner.

3. No storage of files or sensitive credentials

Watchful does NOT store copies of any of the files on your web server/website. This includes configuration files for your CMS.

Similarly, we do not store any website backups. Any backups scheduled by Watchful are performed directly on your web server/hosting account.  The backups are stored directly on your server or transferred to a cloud storage service per the configuration of your backup software.

As such, it is very, very difficult to obtain sensitive information about your sites (such as database credentials for example) via Watchful.

4. Secure account access (2FA)

Like your website, you must remain vigilant to restrict access to your Watchful account. Of course, using a strong account password is critical. 

Additionally, we strongly recommend the use of 2-factor authentication to further block unwanted account access.