WordPress.com iso 27001 evidence


    Subject: Request for ISO 27001 Certification or Security Questionnaire Response

    Hello,

    We are a current WordPress.com customer undergoing a security compliance review as part of our vendor risk assessment process. As part of this process, we are requesting evidence of ISO/IEC 27001 certification.

    We understand from a public WordPress.com forum post that while WordPress.com itself may not be ISO 27001 certified, your data centers may be. However, we have been unable to find any official documentation in your Terms of Service or Privacy Policy to verify this claim.

    To satisfy our compliance obligations, we kindly request one of the following:

    1. A copy of WordPress.com or Automattic’s ISO/IEC 27001:2013 certificate (if available),
      or
    2. Documentation confirming that your hosting/data center providers are ISO 27001 certified (including the provider name and certificate scope),
      or
    3. Completion of our security questionnaire if neither of the above can be provided.

    Please advise the most appropriate path forward, and if needed, we can provide the security questionnaire promptly.

    Thank you for your assistance.

    Best regards,
    Nicole



    Hi @nicole20666909034

    At this time, WordPress.com does not hold HITRUST or ISO 27001 certifications. These types of certifications are typically associated with enterprise-grade services, and for organizations requiring that level of compliance, we recommend exploring WordPress VIP, which is part of the Automattic family and offers services tailored for enterprise needs, including security assessments and certifications.

    That said, WordPress.com takes security seriously. We actively monitor for vulnerabilities and work with partners like WPScan to identify and mitigate potential risks across our platform. You can find more details on our security practices in our guide here:
    https://wordpress.com/support/security/

    If you have specific security-related questions as part of your vendor review, feel free to send them our way. While we may not be able to provide detailed reports or certifications for all of them, we’re happy to address what we can within our scope.
