Hosting Security

PortlandLabs is the founder and maintainer of Concrete CMS (concrete5). For security information for that open source project please visit

To report a security vulnerability in the Open Source Concrete CMS (concrete5) please submit a report here.  

We know our hosting clients care deeply about privacy and data security. Hence, we follow industry best practices to keep the sites we host for you secure! The following are only some of the many things you get when you host with us: 

  • 24/7 monitoring and alerting 

  • AWS Infrastructure configured to meet CIS benchmarks and AWS Best Practices. 

  • All data encrypted at rest and in transit!

  • Infrastructure access restricted to FIPS 140-2 MFA and least privilege 

  • Firewalls and DDOS protection

  • Intrusion detection and file integrity monitoring  

  • Annual Independent Penetration Testing 

  • Annual Incident and Disaster Recovery Testing with Backup Restoration!

  • Rigorous Security and Change Management Program!


Need more details? Ask us to send you our Privacy and Security Overview or SOC 2 Type 2 Report (Security & Availability)



Open source, but fully supported.

Concrete CMS is free and open source under the MIT license, and is fully ISO:27001 compliant out of the box. If your organization's IT and compliance groups want to manage the platform yourself, you're welcome to!

If your team would rather focus on content, the team behind Concrete can host your website for you and help you maintain a safe, secure and compliant web presence. We have a detailed understanding of compliance requirements and security is baked into our processes from the ground up. You'll be able to sleep soundly knowing our people are watching out for your public presence on the web. 

Support contracts are here to provide value & safety when you need it, but are never a requirement. You'll never get roped into some license fee you don't understand and can't control. You'll always own your content and your copy of the CMS, we're just eager to help if we can provide value.