Modules How it works Pricing Security Support

Security

Practical controls Updated January 2026

Security that feels boring—in the best way.

Parameter runs WordPress with a simple goal: no surprises in public. That means disciplined access, safe changes, real monitoring, and recovery you can trust. This page describes the security practices we apply across Pulse, Protect, and Propel—and what we expect from you.

Start secure onboarding Controls snapshot What we cover

Need a security questionnaire answered or special requirements (HIPAA/PCI/SOC reports)? Contact us and we’ll route it correctly.

Security, at a glance

Always-on Monitored

Real ops. Calm outcomes.

AccessLeast privilege, clean handoffs

ChangesStaged, tested, documented

MonitoringUptime, errors, regressions

RecoveryBackups + restore practice

One important thing: Security is a system, not a plugin. We reduce risk with layers: hosting, operations, and change control.

We limit access.

Most incidents start with access sprawl. We keep it tight, auditable, and reversible.

Least privilegeOnly the access required, only for the time required.

Stronger authEncourage 2FA and modern credential practices wherever possible.

Clean offboardingRemove stale users, keys, and integrations after handoffs.

We make changes safely.

Updates and improvements shouldn’t feel like gambling. We prefer staged, observable change.

Staging-firstTest updates where possible before they hit production.

Change notesWhat changed, why it changed, and what to watch next.

Rollback mindsetWhen something slips, we prioritize restoring service fast.

We watch reality.

Security isn’t “set and forget.” We monitor what matters and respond when it changes.

MonitoringUptime, performance regressions, and error signals.

HardeningReduce common attack surface and risky configurations.

Clear commsWhen something happens, you’ll understand what it is and what’s next.

Controls snapshot

What we do—at a practical level.

Exact details vary by plan + site Protect details Pulse details

Area	What Parameter handles	What we ask from you
Access & accounts WordPress, hosting, vendors	We help establish least‑privilege access, remove stale accounts, and keep admin surfaces tight.	Use strong unique credentials, approve access requests quickly, and keep your internal logins clean.
Updates Core, plugins, themes	We plan, test where possible, execute updates, and resolve common compatibility issues.	Tell us about business‑critical dates (launches, campaigns) and approve larger change windows if needed.
Backups & recovery Restore confidence	We ensure backup coverage and a recovery path (scope depends on plan/host). We prioritize restoring service when incidents occur.	Keep access to domain/DNS and business email available for urgent verification and changes.
Monitoring Uptime, performance, errors	We monitor for regressions and issues that hurt users, revenue, or reputation.	Let us know what “critical” means for you (checkout, lead forms, memberships, etc.).
Incident response When something breaks	Triage → contain → restore → document. We focus on getting you back online fast, then preventing repeats.	Keep one technical contact available for urgent approvals; share any relevant vendor alerts promptly.
Compliance support Questionnaires, audits	We can help answer questionnaires and share operational details appropriate to the engagement.	Tell us the requirement early so we can align scope, timelines, and documentation expectations.

This page is an overview of our practices. For exact SLAs, coverage, and commitments, see What we cover and your service agreement.

How it maps to modules

Security is layered.

Compare modules Start

Pulse™

Foundation

Managed hosting is where a lot of security gets won or lost. Pulse focuses on infrastructure, stability, and hygiene.

Transport securityHTTPS/SSL and secure connections (where supported).

Platform hardeningReduce common hosting-level risk and misconfigurations.

Managed upgradesHosting environment updates handled without drama.

Pulse details

Protect™

Always‑on operations

Protect is where security becomes a routine: updates, monitoring, backups, and response—done consistently.

Safe updatesCore/plugin/theme updates, compatibility resolution, and follow-up checks.

Monitoring signalsWatch what users experience (uptime/errors/performance).

ReportingClear notes, priorities, and recommendations.

Protect details

Propel™

Improvements & hardening

Propel is where we handle one-off projects: cleanup, modernization, and the security-related work that needs hands.

Safer customizationsBuild and refactor in ways that reduce fragility over time.

Audit & remediationFind issues, remove risky plugins, reduce surface area.

Change controlStaging/QA and post‑deploy verification on bigger changes.

Propel details

Incident response

When something happens, here’s the rhythm.

We’re optimized for one thing first: restore service. Then we take the time to prevent repeats.

1) TriageConfirm impact and scope. Identify what’s broken and what’s at risk.

2) ContainStop the bleeding (disable risky components, isolate access, block obvious abuse).

3) RestoreBring the site back online quickly—rollback, fix-forward, or recover.

4) DocumentWhat happened, what we changed, and what we recommend next.

Shared responsibility

Security works best as a partnership.

We handle the operational heavy lifting. You keep the business-side guardrails tight.

We ownOperational routines: monitoring, updates, backups/recovery paths, and change discipline.

You ownBusiness decisions: user approvals, vendor accounts, content, and compliance requirements.

TogetherPriorities, critical business flows, and what “urgent” means for your team.

About guarantees Security reduces risk—it can’t eliminate it. We’re transparent about tradeoffs and we improve continuously.

Responsible disclosure

Found a security issue?

If you believe you’ve found a vulnerability affecting a Parameter-managed property, please report it privately. We’ll respond and coordinate next steps.

Email security@parameterllc.com

Contact form

Please avoid public disclosure until we’ve had a chance to investigate.

Quick answers

Common security questions.

Do you support 2FA / MFA?

Yes—where the platform supports it, we encourage and help set up stronger authentication (2FA/MFA) for admin surfaces and critical vendors.

Can you fill out our security questionnaire?

Usually, yes. Send it through Contact or the Support portal and we’ll respond with the details appropriate to your plan and environment.

Do you offer formal compliance (SOC 2 / HIPAA / PCI)?

We’re happy to discuss compliance requirements and align scope. Formal attestations vary by environment and vendors; if you need specific documentation, tell us early so we can plan appropriately.

What should we do if our site is down?

If you’re a customer, use the Support portal for the fastest routing. If you can’t access the portal, email us and include your domain, what changed recently, and screenshots if available.

Start Read FAQs What we cover