Security Practices

Security Practices.

Last updated: June 14, 2026

Laura Florey Consulting takes website and client information security seriously.

No website or online service can be guaranteed to be completely secure, but reasonable safeguards and careful habits can reduce risk.

Security Approach

My approach to security is practical, layered, and risk-aware. I focus on reducing unnecessary exposure, using appropriate tools, limiting access, and helping clients understand the most important risks first.

Website Security Practices

This website may use security practices such as:

  • HTTPS encryption
  • Secure hosting and DNS configuration
  • Web application firewall or security filtering
  • Spam and abuse protection
  • Limited access to administrative tools
  • Software and dependency updates
  • Secure account practices
  • Monitoring for suspicious activity
  • Backups or recovery planning where appropriate

Security practices may change over time as tools, risks, and website needs change.

Client Project Security

For client projects, security recommendations depend on the platform, hosting environment, budget, risk level, and project scope.

Areas reviewed may include:

  • CMS configuration
  • Plugin and theme risk
  • User roles and permissions
  • Backups and recovery
  • Updates and patching
  • DNS and SSL settings
  • Security headers
  • Form and spam protection
  • Authentication practices
  • Hosting and server settings
  • Third-party integrations
  • Basic vulnerability indicators
  • Performance and availability concerns

Passwords and Credentials

Please do not send passwords, API keys, private tokens, medical records, financial account details, or other sensitive information through the general contact form or regular email.

If a project requires access to a website, hosting account, DNS provider, analytics platform, or other system, we can discuss a safer method for sharing access.

Whenever possible, I recommend:

  • Creating separate user accounts instead of sharing owner logins
  • Using least-privilege access
  • Removing access when work is complete
  • Using password managers or secure credential-sharing tools
  • Enabling multi-factor authentication
  • Keeping a record of who has access to key systems

Security Reviews Are Not Guarantees

A security review is a best-effort assessment based on the agreed scope, available tools, and information available at the time.

No review can guarantee that a website is fully secure, free from vulnerabilities, or protected from all future threats.

Security is an ongoing process, not a one-time magic sticker.

Reporting a Security Issue

If you believe you have found a security issue related to this website, please contact me with a clear description of the issue.

Please do not publicly disclose the issue, access data that does not belong to you, disrupt the website, or attempt further testing without permission.

Contact

Security-related questions can be sent to:

Laura Florey
[email protected]