Is the client package and communication secure?
Yes, because we don't want SiteDash's remote management functionality to be abused we take security very seriously and have implemented a secure way to authenticate requests.
When you connect your site to SiteDash, a unique and cryptographically secure public/private key pair is create. The public key is sent to your site, and the private key is stored (encrypted) by SiteDash. Whenever SiteDash requests information from your site, or executes a remote task, a signature is created for the request using the private key. That signature is checked by the Client package against the public key it has stored. If the signature does not match (which could indicate MITM tampering of request parameters, an unsigned request, or incorrect key being used for the signing) the request is denied.
Important: use HTTPS!
While the communication is tamper-proof, if your site uses only HTTP, attackers may in theory be able of eavesdropping on the request or response. We try to avoid any sensitive data ever leaving your server, but for example when downloading error logs or checking for admin users some sensitive information may go through the network.
To avoid such concerns, make sure your site is only accessible over HTTPS.