At RoleUp, we take security very seriously and every precaution has been taken to protect any data you provide to us. Of course, this begins with encrypting all connections between RoleUp and your websites with HTTPS.
Additionally, app connections use the REST API that is included with WordPress. This means that we do not rely on a separate piece of software to communicate with your sites.
Are user passwords for my WordPress sites stored by RoleUp?
No, we do not store any user passwords related to the WordPress sites you add to RoleUp.
However, when you add a WordPress site to RoleUp we generate, encrypt and save an application password. The application password is a token that is used to authenticate the requests we send to your website when managing users. The token is decrypted in real time only when needed.
Since the token is encrypted in the database, it could not be used to access your website if it were obtained by unauthorized third parties. Note that you may also revoke the RoleUp application password at any time.
How do you protect my RoleUp account?
As noted above, we do not store passwords for the users on your WordPress websites. However, we do store the password for your RoleUp account itself.
Like the application passwords described above, your RoleUp account password is encrypted and remains protected from unauthorized access in the event of a data breach.
Account access is protected from known bad actors and brute-force attacks through our Web Application Firewall. Additionally, 2-factor authentication will soon be available to prevent access to your account by brute-force attacks, social engineering, etc.