
MemberVault Platform Security

Written by Mike Kelly

We at MemberVault take the security of our platform very seriously and have taken several steps to ensure that you and your users' data are safe and secure.

If this document doesn't cover something you need to know, please email our CTO, Mike Kelly, at mike@membervault.co.

Additionally, MemberVault conducts regular security audits by professional experts to identify and address vulnerabilities.


Traffic Encryption

All traffic through MemberVault is forced over HTTPS and goes through an auto-updating Amazon SSL certificate.

This means all information transferred to and from MemberVault is protected using SHA-256 with RSA encryption.


Database Security

All MemberVault databases are securely stored in the Amazon AWS RDS service.

Traffic firewalls are on so that external connections directly to the database are refused.

This means the only thing that can access the database is the secure application itself.

Although very little sensitive or personal information is actually stored in our databases, passwords are 256-bit encrypted as well.

This means that admin passwords can never be exposed.

Not even MemberVault HQ will ever know what your passwords are (but we can reset them for you if needed).


Application Security

MemberVault constantly stays up to date on all the PHP and Apache security updates on the server to protect against known exploits.

Furthermore, MemberVault was built on a framework called CodeIgniter, which is a very long-standing, stable, and secure implementation of the PHP language. This protects MemberVault from attacks such as SQL injection, URL tampering, and even cross-site scripting (XSS) attacks.

We also strictly enforce that admins change default passwords upon logging in for the first time.

Every account also gets a secure and unique key to use with the API if they need to use webhooks.

Bot Activity and Account Protection

MemberVault takes proactive measures to address bot activity and protect user accounts. These include:

  • Regular audits by professional security experts to identify and address vulnerabilities.

  • Active blocking of most illegitimate traffic to prevent exploitation of the platform.

Common Issues Related to Bot Activity

One common issue you may encounter is receiving multiple notifications from the "Forgot Password" form on the admin login page. This typically occurs when bots access the page and repeatedly attempt to reset passwords. While this can be concerning, it is important to note:

  • The password reset email can only be sent to the email address associated with your account.

  • The associated email address cannot be changed by unauthorized parties.

  • MemberVault is aware of such bot activities and is actively working on implementing additional security measures to prevent bots from filling out forms.

Steps Users Can Take When Encountering Security Concerns

If you experience bot activity or other security concerns, here are the recommended steps:

  1. Delete Unwanted Notifications: If you receive unwanted password reset emails, simply delete them. These emails do not compromise your account security.

  2. Monitor for Unusual Activity: Keep an eye on your account for any unusual activity or significant increases in spam notifications.

  3. Notify MemberVault: If you notice a significant uptick in bot activity or spam traffic, inform MemberVault so that additional measures can be explored.


Payment Security

It's important to understand that MemberVault never touches ANY user payment information directly.

Instead, accounts connect securely via Stripe and PayPal, and payments are handled on their end. We never know or expose full credit card numbers, passwords or keys.

Furthermore, ONLY the master admin of any account can access the payment connection page in the admin.

If you would like to learn more about Stripe's security, you can read more here:
https://stripe.com/docs/security/stripe

If you would like to learn more about PayPal's security, you can read more here:
https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security



Questions? Reach out to us at hello@membervault.co, within our Facebook group, The MV Collaborative, or via chat support within your admin account (not sure how to log in? look up your account here).

