# Overview

By design Enhance offers many security features.

# PHP Containerisation

Enhance runs all user websites inside isolated PHP containers. This means that all processes belonging to a website run under the context of that user's isolated container, and cannot access files or folders outside of that.

User level SSH and cron jobs run inside the same container as PHP.

This functionality will prevent cross infection of sites even within the same subscription.

However it will not protect websites from vulnerabilities in their own code. You and your customers should ensure CMS software and plugins are kept up to date with relevant security patches.

# Role containerisation

Every role on Enhance is containerised, including all components of the email system. These containers have no access to website files, even if the application role is installed on the same server.

# User/permission access

All operations carried out on a website by Enhance (such as WordPress operations) run as the website's unix user and not as root.

# Let's Encrypt Certificates

All websites with DNS pointed to a server in your cluster should automatically acquire a LetsEncrypt SSL certificate.