
gdpr

Like many web services, Watchful has been busy making changes to address the General Data Protection Regulation (GDPR) set to go into effect in the European Union on May 25, 2018.

Here at Watchful, we are working towards GDPR compliance in four main areas:

  • Obtaining consent from users to collect and store personal information
  • Creating an account deletion tool
  • Updating our Privacy Policy and Terms of Service
  • Expanding GDPR compliance in the future

The purpose of this article is to provide an update for each of these areas.

Obtaining consent from users to collect and store personal information

An important tenet of the GDPR is obtaining explicit consent from users to receive messages from Watchful. This consent is now a required part of the sign-up process at Watchful, as GDPR compliance involves notifying users of data breaches: we can only comply with this if we have users' consent to do so.

New users will have the opportunity to give consent when they sign up. Per our terms of service, existing users implicitly give their consent if they continue to use Watchful.

Creating an account deletion tool

Another pillar of the GDPR is the “Right to be forgotten”. This means that users have the right to have their personal information erased. We have applied a tiered approach to address this.

First, the “Edit Profile” area in the Watchful Dashboard has a new “Delete Account” tool. This will cancel any subscriptions as well as delete the user data from our system.

However, the Delete Account feature is not a comprehensive data erasure tool. For example, transaction history remains stored at our payment processors (Recurly and PayPal). While some transaction information will always be saved for tax and audit purposes, personal information would ideally be anonymized when a user requests account deletion. Unfortunately, our payment processors do not yet support this.

Similarly, our email service provider (MailChimp) stores records of users' mailing list subscription status even when someone unsubscribes from a mailing list. Just today MailChimp has released tools to help remove this data for unsubscribed users.

The second tier of our approach to address account deletion will be to integrate these new tools in the future as they become available (see below).

Updates to our Privacy Policy and Terms of Service

Today we have published an updated Privacy Policy.

There are a few major changes that deserve highlighting:

  1. We have simplified the language to explain the policy in plain English without complicated legal terms and complex sentence structures.
  2. We have added a “Promises” section that outlines our approach to the privacy of your personal data.
  3. We have added a “Rights” section that describes your rights to the data we collect.
  4. We have added a significant amount of information on what personal data we collect, why we collect it, how the information is securely stored, and how we share your information with our trusted partners and upstream service providers.
  5. We have added sections describing how user accounts can be deleted (see above) and system and marketing messages cancelled.
  6. We have added a list of cookies we use at Watchful.

We have also made a minor update to our Terms of Service to describe and link to our Privacy Policy.

Expanding GDPR compliance in the future

As mentioned above, some of our upstream service providers like Recurly, PayPal and Mailchimp are still in the process of themselves becoming GDPR compliant and building the tools to allow for data anonymization and/or erasure.

Going forward, we will monitor their progress and address the following areas as tools and resources become available:

  • Delete user history and personal information from Mailchimp when deleting accounts
  • Anonymize personally identifiable information at payment processors
  • Find an easy way for users to download their information

We are also working on a Data Processing Agreement that addresses the use of data “Processors and Sub-processors” under GDPR.

password encryption

We have recently released new versions of our Joomla Client (v1.12.2), WordPress Client (v1.0.2) & the SSO Plugin for Joomla (v1.3).

New Joomla & WordPress Clients

The updated Joomla and WordPress clients improve the way we authenticate calls from the Watchful server so as to avoid a theoretical timing attack: http://php.net/manual/en/function.hash-hmac.php#111435.
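
The class of fix referred to above, shown as an added example that is not Watchful's client code: a signature check using an ordinary string comparison next to one using PHP's constant-time `hash_equals()`. It assumes calls are authenticated with an HMAC-SHA256 over the request body, which the post does not spell out; the secret, payload and function names are constructed for illustration.

```php
<?php
// Added illustration; not Watchful's client code. The secret, payload and
// function names below are hypothetical and constructed for this example.

/** Sign a request body with a shared secret (HMAC-SHA256, hex-encoded). */
function sign_request(string $body, string $secret): string
{
    return hash_hmac('sha256', $body, $secret);
}

/**
 * Before: an ordinary string comparison may return as soon as a byte
 * differs, so response time can leak how much of a guessed signature
 * is already correct.
 */
function verify_leaky(string $body, string $signature, string $secret): bool
{
    return sign_request($body, $secret) === $signature;
}

/**
 * After: hash_equals() (PHP >= 5.6) takes the same time wherever the
 * strings differ. The known value is passed first, the supplied one second.
 */
function verify_constant_time(string $body, $signature, string $secret): bool
{
    // hash_equals() requires two strings, so reject a missing or
    // non-string signature before comparing.
    if (!is_string($signature) || $signature === '') {
        return false;
    }
    return hash_equals(sign_request($body, $secret), $signature);
}

// Constructed sample data.
$secret = 'example-shared-secret';
$body   = '{"task":"getData"}';
$good   = sign_request($body, $secret);
// Same signature with only the last hex digit altered.
$bad    = substr($good, 0, -1) . (substr($good, -1) === '0' ? '1' : '0');

var_dump(verify_constant_time($body, $good, $secret)); // valid signature
var_dump(verify_constant_time($body, $bad, $secret));  // tampered signature
var_dump(verify_constant_time($body, null, $secret));  // signature missing
```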

New SSO Plugin

The new SSO plugin changes the way we hash passwords. This prevents Watchful from "seeing" your passwords during SSO authentication attempts.

With the previous plugin, your password was encrypted with AES256 on your site and then sent to the Watchful server. Once received, Watchful decrypted the password and immediately hashed it before storing it in the database. Importantly, the password was never stored unencrypted in our database nor in any log file.

With the new SSO plugin, the remote site hashes the password and encrypts it with AES256 before sending it to the Watchful server. Once received, the password is decrypted and the hashed password compared with the SSO user password.

amazon web services

In the coming weeks, we plan to migrate our infrastructure from WiredTree to Amazon Web Services (AWS).

The primary reasons for this change are to move to a scalable system that can be expanded as needed during high-volume events (such as the release of an important software update) and to provide a more central geographic server location for all of our users around the world.

To address both of these issues, Watchful will now be served from AWS servers in Ireland rather than our current servers in the US. Based on our tests, we expect that the improved performance offered by AWS will offset any distance-related delays for our American clients. European, Asian, and South-Pacific customers may experience performance improvements due to the reduced distance to the new servers.

While only minimal technical changes are needed to move to AWS, one of the most basic aspects of Watchful will change: our IP addresses. The new addresses are:

34.250.7.114
34.250.132.64
34.250.203.214

To accommodate this change, we are asking our customers to proactively add these new addresses to their server whitelists while retaining any existing whitelisted IPs. System administrators can usually do this easily from, for example, WHM/cPanel.

Otherwise, Watchers should contact their IT departments or hosting providers and make the request to whitelist the IPs.

In addition, we also recommend whitelisting the new IPs in any web application firewalls installed locally on your sites. This includes WordPress plugins such as Wordfence as well as Joomla extensions like Admin Tools and RSFirewall.

To assist with this process, next week we will release a new Watchful client for Joomla, version 1.12. When installed/updated, the new IP addresses will be automatically whitelisted in Admin Tools and RSFirewall.

If you have any questions, please feel free to submit a support ticket from the Watchful Dashboard.

watchful wordpress welcomed

Effective immediately, Watchful now officially supports backups, updates, monitoring, and maintenance for websites powered by WordPress.

Support for WordPress has been a common request from existing Watchful users who primarily use Joomla as well as longtime WordPress users who are looking for a simpler and more affordable solution for website management than currently on the market.

Thus, the Watchful team focused on delivering the same seamless experience for WordPress that has traditionally been available only for Joomla websites.

Leveraging both the Watchful and WordPress APIs, WordPress users can now perform and monitor backups, monitor website uptime, integrate Google Analytics and generate reports, update the core WordPress software as well as WordPress plugins, scan for malware and security best practices, and much more.

Although today marks the official public announcement for WordPress support, WordPress has been operating internally for approximately six months. On Dec. 23, 2016 we also launched a private beta test with our existing customers.

Since then, numerous bugs have been patched and the Watchful website updated to indicate compatibility with WordPress. Our Knowledge Base has also been updated to include installation and troubleshooting information relevant to WordPress.

Today’s launch of WordPress support and the upcoming migration of Watchful to Amazon mark important milestones. Together, these enhancements put Watchful on a path for continued success and accelerated growth.

yubikey

Today we are pleased to announce that YubiKey support has been added as a 2-factor authentication method for protecting your Watchful account.

Two-factor authentication is an industry standard for preventing unwanted access to accounts and devices. As one of the default authentication methods supported by the Joomla CMS, we expect YubiKey support to be popular among Watchful customers.

With Google Authenticator support having been in place for some time, Watchful now supports both authentication methods found in Joomla.

We highly recommend that all users protect their Watchful accounts with 2-factor authentication. Full details on enabling this feature for both YubiKey and Google Authenticator can be found in our Knowledge Base.

Why use Watchful?

It takes you days to update all your sites.

Logging into websites and individually applying software updates is time-consuming and error-prone. With Watchful, we let you know what updates are available and help you apply updates across all your sites at the same time.
Watchful cut my monthly [maintenance] time down from days to hours.
Jonathan Frewin / frewindesign.co.uk

You don’t check your websites for security problems or backups.

Watchful helps you monitor industry-accepted best practices and potential security issues. And if a problem arises, Watchful’s customer support is there to help you understand the problem and advise you on possible solutions.
Using Watchful is far better than having to deal with a hacked website because a site fell behind in security updates.
Joe Sonne / joejoomla.com

You use WordPress and Joomla! in your agency.

Watchful works seamlessly with the two most popular website software packages: WordPress and Joomla. And the list of supported applications is growing.
Watchful.li provides a great overview of all our projects. Great support, great tools, cannot live without!
Matthew Philogene / raramuridesign.com

You don’t offer maintenance plans for your customers.

Maintenance plans are a key way most agencies generate recurring revenue and keep in regular contact with their clients. With Watchful you can offer professional maintenance plans and deliver white-label reports to show your clients the value of your work.
Watchful keeps us on track with updates and maintenance tasks so our clients' sites are always monitored and up-to-date.
Martijn Boomsma / perfectwebteam.com

You manage your websites manually.

We started like that! But our spreadsheets and reminders quickly became very complicated. We designed Watchful to simplify website management and actually make it a pleasant experience.
Watchful.li saves me from manually monitoring dozens of websites - I can keep them updated with just a few clicks from a single, slick interface!
Kristoffer Sandven / joomlablogger.net

Watchful News and CMS Blog

Privacy Policy updates and GDPR compliance

24 May 2018 / News

New Watchful clients and SSO plugin enhance encryption

12 April 2018 / News

WordPress support officially launches for Watchful - the webmasters toolbox

24 March 2017 / News
