Skip to content
  • Features
    • Performance
    • Security
    • Management & Workflow Tools
  • Managed Hosting
    • PeakFreq Managed Servers
    • Fully Managed Websites
  • Fortress
  • Relay
  • Knowledge Base
  • More
    • FAQ
    • Comparisons
    • Blog
  • Login
View Plans
GridPaneGridPane
  • Features
    • Performance

      Host even the most demanding WordPress websites with ease and full control.

      Security

      Lock down your websites with GridPane's suite of security tools and Fortress plugin integration.

      Multitenancy

      Convert your WaaS into a true SaaS and manage 1000s of individual websites via one codebase.

      Management
      • API Integrations
      • Local & Remote Backups
      • Easy PHP Management
      • One-Click PHPMyAdmin
      • Full Log Access
      • Snapshot Failover™
      • World Class Support
      Workflow
      • Easy Website Creation
      • Pre-install Bundles
      • Create Blueprint Sites
      • Advanced Staging
      • Cloning Tools
      • Advanced Git
      • GP-CLI and WP-CLI
      Interested in GridPane? Schedule a call with us!

      If you have questions or are not sure where to start, book a call with us today to learn how we can help grow your recurring revenue. Click here to view our calendar.

  • Managed WordPress
    • PeakFreq Managed Servers

      Fast, secure, and reliable managed servers by GridPane and Vultr.

      Fully Managed Websites

      A tailor-made hosting solution for individual WordPress websites.

  • Fortress
  • Relay
  • Knowledge Base
  • More
    • FAQ
    • Comparisons
    • Blog
    • Affiliate Program
  • Login
View Plans
GridPaneGridPane

Keeping Your GridPane Account Secure

  • Steve BBySteve B
  • Jun 3, 2024
  • UpdatedJul 1, 2024
3 min read

Table of Contents

  1. Introduction
  2. Account Security Hygiene Recommendations
    – Check if You’ve Been Pwned
    – Setup Two-Factor Authentication (2FA)
    – Team Member Security
  3. Default GridPane Security
    – Account Settings Page
    – API Credentials
    – Billing Information
  4. OTP Timeout Settings
  5. Additional Reading

Introduction

Your GridPane account allows you root-level access to all of your servers and instant administrator access to all of your WordPress websites. It is imperative that you keep your account secure to keep your business secure. 

This article details the security measures we have in place as well as the steps we recommend that you as the account owner take to keep your account as secure as possible.

Account Security Hygiene Recommendations

GridPane includes many default security measures out of the box, but it’s important that you employ your own security best practices. This applies to any and all accounts that you own, including Vultr, UpCloud, etc.

  1. Use long (minimum 20 characters), complex passwords, and do not reuse passwords across different sites/accounts.
  2. Check if your details have been exposed in known hacks (links below).
  3. Always activate 2FA to keep your account secure if your email and password info is ever compromised.
  4. Employ an internal password security policy that includes the timelines for password changes.
  5. Ensure any team members added to your account also use strong passwords and activate 2FA.

Check if You’ve Been Pwned

You can check to see if your data has been leaked online at the following websites:

  1. https://haveibeenpwned.com/
  2. https://cybernews.com/personal-data-leak-check/

If your data has been exposed, you should update all of your passwords on the exposed accounts as soon as possible.

Setup Two-Factor Authentication (2FA)

This article details how to set up 2FA for your GridPane account:

Using Two-Factor Authentication (2FA) with GridPane

Team Member Security

If your account includes our team member feature, it’s important to ensure that your team members also employ appropriate security measures. This means strong passwords, 2FA, and good general security hygiene. 

Your Admin team members have access to all your sites and servers, and Staff and Client team members could potentially cause serious damage to them as well. 

Default GridPane Security

In 2023, the most common attack vector responsible for 60% of hacked WordPress websites was stolen session cookies and compromised credentials. These attacks don’t just affect WordPress, though, but every website where you have an account. 

We have built-in protections to protect your account, servers, and websites as much as possible should your GridPane account (or one of your team member accounts) is compromised.

The following account settings are secured by our one-time password (OTP) setting. If you haven’t set up 2FA, this is done via an email to your GridPane account email address. 

GridPane Features

The following server, website, and system user settings are secured by OTP:

  • Deleting a server
  • Deleting a website
  • Editing a server name and/or IP address
  • Opening Monit 
  • Opening PHPMyAdmin
  • Opening the website build log
  • Modifying system users
  • Viewing system user passwords

Account Settings Page

Your account settings page is secured by our OTP setting. 

API Integrations

Your API integrations and GridPane API key are masked, and your integration keys cannot be viewed after being set. 

Billing Information

Your billing information is located within your settings page and secured by OTP. Billing is only available to account holders, and team member accounts cannot view this information.

OTP Timeout Settings

The OTP timeout settings that help keep your account secure default to a 15-minute timeout. This means that after entering your OTP, you will not be asked to re-enter it again for the next 15 minutes.

You can set a custom OTP session duration in minutes, with the maximum allowed duration being 120 minutes. This can be done inside your account Settings > Security page:

Logging out of your account will end the OTP session.

Additional Reading

You may also be interested in the following articles:

  1. WP Security 2024: Securing Multiple Banking Websites Built on WordPress
  2. Data published by WeWatchYourWebsite: The Real Attack Vector Responsible for 60% of Hacked WordPress Sites in 2023

Search the Knowledge Base

  • Platform Documentation
  • Troubleshoot Common Issues
  • SSL Certificates
  • Server Caching
  • Migrating to GridPane

New to GridPane?

Get started with our FREE Core plan today! We bring the software, you bring the hardware.

Create My Free Account

GridPane helps serious WordPress agencies crush their hosting problems, once and for all.

Quick Links

Pricing
FAQs
Facebook Group
Status Page
Roadmap
Changelog
Security
Legacy Hub

Compare Us

WP Engine
Kinsta
Flywheel
Cloudways
More Comparisons

Learn

Knowledge Base
Fortress Security
WordPress Security
PHP Workers
Command Line Intro
Troubleshooting

Copyright © 2017 - 2025 GridPane, Inc · GDPR · Terms of Service · Privacy Policy · Cookie Policy

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}