A monitoring tool runs code on your clients’ sites and holds the map of your whole portfolio. That earns it a periodic, unglamorous, top-to-bottom security review. We just finished one. Nothing here adds a feature; all of it narrows what an attacker could do.
What changed
Stricter database access rules. Access policies were tightened across the platform, including uniform MFA enforcement on all account data: the protection applies everywhere, not just on the obvious tables.
Hardened request validation. Every server-side, site-facing check now validates its requests more strictly, shrinking the surface a malicious or compromised endpoint could poke at.
Per-account rate limits. The AI assistant and support tickets are now rate-limited per account, closing off abuse and cost-amplification paths.
Integrity-verified plugin updates. Each plugin release is now checksum-verified before installing. When your fleet pulls an update, the bytes are proven to be the bytes we shipped. Supply-chain tampering between our release and your site’s install fails the check and doesn’t install.
Integrity-pinned dashboard scripts. The dashboard’s third-party scripts are SRI-pinned to exact versions and hashes, so a compromised CDN cannot ship altered JavaScript into your session.
What you need to do
Nothing. Every change is server-side or ships through the normal plugin update flow.
We publish these notes because trust in a monitoring product shouldn’t be vibes-based. If you want the design principles behind the plugin’s security model, they’re documented on the security page.