Responsible Disclosure Policy
The security of users’ data is always our top priority at SiteGround. If you have discovered a security vulnerability anywhere in our services, we greatly appreciate your cooperation in disclosing it to us in a responsible manner, following the guidelines set out in this policy.
We commit to acknowledge, validate, and fix vulnerabilities in the timeliest manner possible. We will not take legal action against, or suspend access to our services for, any party that has responsibly disclosed the vulnerabilities it discovered.
We would like to give proper credit to the people who help us improve our services and protect the SiteGround community. If you discover a valid significant vulnerability and report it in accordance with this policy, we will add your name to our Honor Roll. If you wish to keep your disclosure confidential, just let us know and we will never reveal your identity. If the same vulnerability is reported by several parties before it is fixed, the acknowledgment will go to the first one to report the issue.
- If you believe you have found a vulnerability, do not share details about it with any third parties or the general public before it has been fixed;
- Conduct testing only on accounts that you own or that you have the owner's permission to test;
- Do not try to gain control of another user’s account or data;
- SPAM and DDoS attacks are never permitted;
- Do not use automated tools to find vulnerabilities;
- Automated/manual password guessing (also known as a "brute-force attack") against login forms is not permitted;
- Never use non-technical techniques such as phishing and/or social engineering against employees or customers of SiteGround;
- Physical attacks against equipment, infrastructure, offices, and/or employees of SiteGround and/or our partners are strictly forbidden.
How to report
Send us an e-mail at firstname.lastname@example.org with the details of the vulnerability that you have discovered. Please make sure to include the following:
- As much detail as possible about the nature of the vulnerability so as to allow us to reproduce your steps;
- Your e-mail address;
- Name and a link to your Twitter/Facebook profile as you would like them to appear on this page.
We are very grateful to the community of users and security researchers who have helped us improve our services and make them more secure. The following individuals and organizations have discovered vulnerabilities and reported them to us in accordance with this policy: