BionicWP's Threat Modelling Approach

BionicWP approaches threat modeling as a shared responsibility between our internal teams (in partnership with sub-service providers) and our customers’ IT organizations.
Our process is built into the system design, change management, and risk assessment phases of our SOC 2 control framework:


1. BionicWP’s Responsibilities

BionicWP performs threat modeling as part of its secure design and ongoing operational processes for the BionicWP Dashboard and hosting platform:

  • System-level modeling: Identifying and evaluating potential threats to the confidentiality, integrity, and availability of hosted environments, including application-layer vulnerabilities, data exposure, authentication weaknesses, and privilege-escalation risks.

  • Infrastructure-level analysis: Reviewing threats across virtualized environments, APIs, load balancers, Redis caching, supporting sub-service layers, etc.

  • Control implementation: Applying and maintaining layered controls—such as network segmentation, intrusion detection, vulnerability management, patching, monitoring, and least-privilege access.

  • Continuous monitoring: Incorporating logs, alerts, and vulnerability scans into ongoing risk assessments and SOC reporting.

  • Sub-service oversight: Ensuring sub-service providers (Automattic/WP Cloud, Aptum, AWS, DigitalOcean, Heroku, etc.) maintain appropriate controls under their SOC 2 or equivalent attestations.


2. Client’s IT Responsibilities

Since BionicWP manages the hosting environment but not customer application logic or data handling, customers are responsible for:

  • Securing their WordPress administrator accounts, including strong passwords, 2FA, and role-based access.

  • Securing their BionicWP Dashboard accounts, including strong passwords, 2FA, and role-based access.

  • Reviewing and managing plugins, themes, and code to prevent vulnerabilities introduced at the application level.

  • Ensuring secure integration of external systems or APIs.

  • Implementing organizational security measures such as endpoint protection, employee awareness, and incident response.

  • Notifying BionicWP of any suspicious activity or suspected compromise within their application.


3. Shared Responsibilities

Both parties share responsibility for:

  • Incident coordination: Prompt communication in the event of a detected or suspected threat.

  • Periodic review: Evaluating changes in the threat landscape and adjusting configurations accordingly.