Security Policy
This Security Policy explains how Web Designer & Web Developer (Pvt) Ltd protects Webdeveloper.lk, customer data, admin access, uploaded files, and project records.
1. Security Approach
We apply layered security controls across website forms, admin workflows, file uploads, backend APIs, database records, and cPanel hosting configuration. The goal is to reduce unauthorized access, spam, injection attacks, malicious uploads, data leakage, and misuse of the platform.
2. Website and Server Protection
- Security headers are added through server configuration where supported.
- Directory listing is disabled.
- Sensitive backend folders and upload areas are restricted.
- PHP execution inside upload folders is blocked.
- SQL and configuration files are protected from public browsing where supported by the server.
3. Admin and Data Protection
Admin dashboard access, project records, payment receipts, template management, package management, customer communication, and real-time notifications must be handled only by authorized persons. Production deployment should use secure login, strong passwords, HTTPS, and database credentials stored in protected configuration files.
4. File Upload Security
Payment slips, logos, and additional files must be validated by file type and size. Executable files, unsafe scripts, unknown binary files, and suspicious uploads should be rejected. Upload folders should not allow PHP or executable code to run.
5. Copyright, Trademark, and Concept Protection
The complete platform concept, AI website-building flow, admin management system, business method presentation, interface structure, template management concept, written content, brand marks, and software logic are owned by Web Designer & Web Developer (Pvt) Ltd. These assets are protected under Sri Lankan law and applicable international intellectual property and trademark principles.
6. Incident Handling
If a security issue is suspected, access should be reviewed immediately, affected credentials changed, suspicious files removed, backups checked, server logs reviewed, and the hosting provider contacted when required.
7. Disclaimer
We take strong security measures, but no website, server, plugin, API, email, SMS, or payment system can be guaranteed completely free from risk. Clients must also protect their own passwords, devices, email accounts, payment credentials, and business data.
