Hosting & Security
Policy

Shadowtek provides LiteSpeed-powered WordPress hosting with enterprise-grade security infrastructure. Our hosting environment includes:

We maintain a 99.99% uptime target across our hosting infrastructure. This excludes scheduled maintenance windows, third-party service outages, or downtime caused by Client actions, content, or configurations.

Shadowtek is responsible for:

• Server-Level Security: Maintaining firewall rules, intrusion detection systems, malware scanning, and operating system security patches.
• Infrastructure Monitoring: Real-time monitoring of server resources, security threats, and performance metrics.
• Automated Backups: Daily site backups stored securely with 30-day retention. Backups include databases and file systems.
• Security Hardening: Implementation and maintenance of Cloudflare WAF rules, Imunify360 configurations, and CloudLinux isolation protocols.
• Patch Management: Timely application of security patches to server software, control panel systems, and core hosting infrastructure.

Clients are responsible for:

• WordPress Core Updates: Ensuring WordPress core software is updated in accordance with their chosen maintenance plan.
• Plugin and Theme Selection: Only installing plugins and themes from reputable sources. See Section 3 (Plugin Policy) for details.
• Content Security: Ensuring uploaded content (images, documents, media files) is free from malware or malicious code.
• Access Control: Maintaining secure passwords for WordPress admin accounts, FTP/SFTP access, and control panel logins.
• Third-Party Integrations: Security of any third-party services, APIs, or external platforms integrated with the website.

The following are shared responsibilities requiring cooperation between Shadowtek and the Client:

• Plugin and Theme Updates: Updates are managed according to the Client's selected maintenance plan. Clients on lower-tier plans must approve updates or perform them independently.
• Security Incident Response: In the event of a security breach, Shadowtek will provide technical remediation, but Clients must cooperate with investigation efforts and implement recommended changes.

We maintain a curated list of approved, security-vetted plugins that have been tested in our hosting environment. Clients are strongly encouraged to select plugins from this list.

"Rogue Plugins" are defined as:

• Nulled (pirated) commercial plugins or themes
• Plugins or themes from unverified or untrusted sources
• Abandoned plugins with no updates in the past 12 months
• Plugins with known critical security vulnerabilities
• Plugins that conflict with our security infrastructure (WAF, caching, or isolation protocols)

Clients may request installation of plugins not on the approved list. Shadowtek will:

• Review the plugin for security vulnerabilities, code quality, and compatibility.
• Test the plugin in a staging environment if necessary.
• Approve or deny the request within 2 business days.
• Document approved exceptions in the Client's hosting profile.

Denial of a plugin request is final and is made in the sole discretion of Shadowtek to protect infrastructure integrity.

Shadowtek maintains daily server-level snapshots for infrastructure disaster recovery purposes. These snapshots are intended to support recovery from:

• Server failure or infrastructure-related data loss
• Major platform incidents affecting the underlying hosting environment

Clients NOT on an active Shadowtek Maintenance Plan are solely responsible for:

• Their own website-level backups (files and database)
• Off-site backup storage and retention
• Verifying backup integrity and restoration capability

Any recovery actions Shadowtek performs are limited to what is reasonably available from infrastructure snapshots and/or any other backups expressly included in the Client's active Maintenance Plan or service agreement.

Shadowtek offers tiered maintenance plans that determine the level of proactive management and support:

• Essential Plan: Monthly WordPress core, plugin, and theme updates. Reactive support for critical issues.
• Professional Plan: Weekly updates, performance monitoring, monthly security scans, and priority support.
• Executive Plan: Daily monitoring, real-time security threat response, 24/7 emergency support, and proactive performance optimisation.

The following outlines the typical inclusions for each tier (subject to the Client's service agreement):

Response times and service levels vary by maintenance plan:

Response times are calculated during Australian Eastern Standard Time (AEST/AEDT) business hours (9:00 AM - 5:00 PM, Monday-Friday), excluding public holidays, unless otherwise specified in the service agreement.

Clients may not use Shadowtek hosting services for:

• Illegal activities, including but not limited to phishing, malware distribution, or copyright infringement.
• Excessive resource consumption that degrades server performance for other hosted sites (e.g., cryptocurrency mining, unoptimised databases, or infinite loops).
• Hosting adult content, gambling services, or other content prohibited under Australian law.
• Spamming, mass email distribution, or email harvesting.
• Proxy services, TOR exit nodes, or anonymisation services.

Hosting accounts are subject to fair use resource limits:

Shadowtek reserves the right to immediately suspend or terminate hosting services for:

• Violation of this Acceptable Use Policy.
• Non-payment of hosting fees for more than 14 days past the due date.
• Repeated installation of Rogue Plugins after warnings.
• Security incidents caused by Client negligence (e.g., weak passwords, failure to update software).

Clients retain full ownership of all website content, including:

• Text, images, video, and multimedia content
• Customer data and databases
• Uploaded files and media libraries

Shadowtek claims no ownership rights to Client content.

Shadowtek retains ownership of:

• Proprietary server configurations and security rulesets
• Custom code, plugins, or scripts developed specifically for Shadowtek infrastructure
• Performance optimisation techniques and security hardening methodologies

Upon termination of hosting services, Clients receive a complete export of their website files and databases but do not receive proprietary Shadowtek configurations or custom infrastructure code.

Upon written request, Shadowtek will provide:

• A complete backup of the Client's website files (via compressed archive).
• A MySQL database export in .sql format.
• Assistance with DNS record documentation for migration purposes (at no additional charge if the Client's account is in good standing).

Data export requests must be made at least 7 days prior to account termination.

Hosting fees are invoiced monthly or annually as specified in the Client's service agreement. All fees are payable in Australian Dollars (AUD) and are due within 14 days of the invoice date.

The following services may incur additional fees:

If a Rogue Plugin or Client-caused security vulnerability results in a site compromise requiring manual intervention, Shadowtek may charge a Security Remediation Fee of $350-$1,000 depending on the complexity of the cleanup and restoration.

Accounts with invoices unpaid for more than 14 days past the due date may be suspended without notice. A $50 reconnection fee applies for accounts suspended due to non-payment.

Shadowtek commits to a 99.99% uptime target for hosting infrastructure. Uptime is calculated monthly and excludes:

• Scheduled maintenance windows (notified at least 48 hours in advance).
• Downtime caused by Client actions (e.g., plugin conflicts, code errors, or resource abuse).
• Third-party service outages (e.g., Cloudflare, DNS providers, or payment gateways).
• Force majeure events (natural disasters, cyberattacks, or government-mandated outages).

If Shadowtek fails to meet the 99.99% uptime target due to infrastructure failure, Clients may be eligible for service credits:

Credits are issued automatically and applied to the next invoice. Credits are the sole remedy for SLA breaches and do not entitle Clients to cash refunds.

No credits will be issued for:

• Downtime caused by scheduled maintenance.
• Downtime caused by Client actions, content, or configurations.
• Downtime caused by third-party services or DDoS attacks.
• Downtime of less than 5 consecutive minutes.

To the maximum extent permitted by Australian law, Shadowtek's total liability for any claim arising from hosting or security services shall not exceed the total amount paid by the Client for hosting services in the 12 months preceding the claim.

Shadowtek is not liable for:

• Loss of revenue, profits, or business opportunities.
• Data loss or corruption not caused by Shadowtek negligence.
• Downtime caused by third-party services, Client actions, or force majeure events.
• Security breaches caused by Client negligence (e.g., weak passwords, Rogue Plugins, or outdated software).

Clients agree to indemnify and hold harmless Shadowtek, its directors, employees, and contractors from any claims, damages, or legal fees arising from:

• Client content, plugins, or third-party integrations.
• Violation of this Policy or applicable laws.
• Security incidents caused by Client negligence.