Skip to content

Security

The VIP Platform is built with multiple levels of security controls and protection—including edge protection, secure networking, robust access controls, continuous security monitoring, and code scanning. VIP performs recurring internal security testing of the platform, vulnerability assessments, and engages with third-parties to perform platform penetration testing on a regular basis.

However, it is the combined responsibility of both VIP and the customer to strengthen and maintain the security of applications hosted on the VIP Platform.

Review VIP’s enterprise-grade WordPress security article for more information about security on the VIP Platform and security best practices.

  • Infrastructure built to mitigate security threats

    VIP’s infrastructure is designed to mitigate security threats and manage vulnerabilities at a platform-level.

  • Customer responsibility for threat mitigation

    The security of an application hosted on the VIP Platform is a shared responsibility between VIP and its customers.

  • Security best practices for all users

    All users on the VIP Platform should follow best practices when it comes to securing their devices, accounts, and access to VIP tools.

  • Rate limiting

    Rate limiting is in place at the edge for all environments on the VIP Platform to prevent some crawlers from causing potential performance issues.

  • Penetration testing

    Penetration tests, security assessments, or other scans can be run by a customer against their application’s WordPress VIP Platform environments.

  • Phishing

    “Phishing” is a cyberattack that tricks users through fraudulent websites, emails, text messages, phone calls, and other communications.

  • Validating, sanitizing, and escaping

    When writing theme and plugin code, it is important to be mindful of how data coming into WordPress is handled and how it is presented to the end user.

  • JavaScript security recommendations

    A best practice in PHP for WordPress is to use escaping functions to prevent Cross Site Scripting (XSS).

  • Encode values passed to `add_query_arg`

    For better security in code, values should be encoded before they are passed to `add_query_arg`.

Last updated: August 20, 2025

Relevant to

  • Node.js
  • WordPress