Security

Reviewed by fl

A managed platform.

Separation of concerns: We operate the infrastructure, the servers, the open-source stack and the PHP runtime. Our clients take care of the code they write and install.

fortrabbit is a managed platform: we run the infrastructure and the stack, the developer owns the code on top. Each side owns its layer in full — nothing is secured twice, and nothing falls through the gap.

Our responsibilities

  • Run the stack below the app: OS, network, databases, PHP runtime, TLS, backups.
  • Isolate each app in hardened containers behind a default-deny firewall.
  • Monitor continuously, with on-call DevOps for anything out of range.
  • Patch the fleet, following upstream security advisories.
  • Maintain internal security policies, reviewed regularly.
  • Train staff against social engineering and phishing.
  • Restrict production access: least-privilege, encrypted, rate-limited.

Our clients' responsibilities

  • Keep the framework and CMS on supported, patched versions.
  • Update dependencies regularly; outdated dependencies are the most common way a site gets hacked.
  • Store as little sensitive data as possible; encrypt what matters.
  • Manage access to the app, environments and team with care.
  • We never auto-update the application stack — by design.

For where data lives and how compliance works, see trust and GDPR.