Security Policy

Effective Date: 07/06/2025

At Eternalism, your security and trust are our top priorities. We are committed to maintaining a safe and secure website environment through proactive protection, modern encryption, and responsible data practices.

1. Authentication & Access Control

  • reCAPTCHA Protection: We use Google reCAPTCHA on login and registration forms to prevent automated abuse and malicious access attempts.
  • Two-Factor Authentication (2FA): Optional 2FA is available for customers and subscribers to provide an additional layer of login security.
  • Rate Limit & Login Lockouts: We use security software to limit repeated login attempts and block brute-force attacks.

2. Website Security & Monitoring

  • Web Application Firewall (WAF): Our site is protected by Wordfence, a leading WordPress security solution that monitors and blocks suspicious activity in real time.
  • Malware Scanning: We run regular scans for malware, file changes, and potential vulnerabilities using Wordfence and act on alerts immediately.

3. HTTP Security Headers

We enforce strict security headers to protect your browsing experience and prevent common attacks:

  • Strict-Transport-Security (HSTS): Ensures all connections to our website are encrypted.
  • X-Content-Type-Options, Referrer-Policy, and Permissions-Policy are also implemented to harden browser-based defenses.

4. Data Protection & Privacy

  • HTTPS Encryption: All data exchanged between your browser and our server is encrypted via TLS (SSL).
  • Secure Payment Gateway: We use a trusted third-party gateway to process payments securely. Payment information is never stored on our servers.
  • Minimal Data Retention: We only collect data needed to process your order and support your account, in compliance with data protection best practices.

5. Backups & Recovery

  • Automatic Backups: Our site is backed up regularly to secure off-site storage, enabling rapid recovery in the event of a breach or data loss.

6. Ongoing Maintenance

  • Regular Updates: WordPress core, themes, and plugins are updated regularly to close known vulnerabilities.
  • Security Testing: We routinely test our headers, firewall, and site configuration using tools like SecurityHeaders.io and SSL Labs.

7. User Responsibilities

To help keep your account secure, we recommend:

  • Using a strong, unique password
  • Enabling two-factor authentication where available
  • Reporting any suspicious activity via our contact form