PE WordPress Site
The public corporate site at projecteidos.com. Built on WordPress — the world's most-used content management system.
| Field | Value |
|---|---|
| Public URL | https://projecteidos.com |
| Admin URL | https://projecteidos.com/wp-admin/ [CONFIRM] |
| Audience | public — prospective customers, press, candidates |
| Criticality | medium-high [CONFIRM] (brand-facing; downtime is publicly visible) |
| Maturity | [INFO NEEDED] |
| Owner | [INFO NEEDED] |
| Last reviewed | 2026-05-05 |
1. At a glance
projecteidos.com is the Project Eidos public corporate domain. It is currently a 301 redirect to https://eidos-global.com/ — there is no separate site content here today. The redirect is served by a WordPress container on Dokploy (E2). DNS for the apex points direct to E2's public IP, bypassing E1's Caddy.
2. Business purpose
Brand presence, lead generation, product information. The "front door" of the company.
3. Audience
Public internet — prospects, partners, journalists, candidates, search engines.
4. Hosting & cloud infrastructure
- Server: E2 EIDOSDev1 Dokploy VPS (145.241.230.130)
- Deploy method: Dokploy
- Reverse proxy: Traefik on E2 (apex DNS points direct to E2; bypasses E1 Caddy)
Infrastructure map
| Item | Value | Notes |
|---|---|---|
| Public hostname | projecteidos.com (apex) + www. | both → 145.241.230.130 = E2 |
| Backend host | E2 (Dokploy) | shared with 8 other apps |
| Public IP | 145.241.230.130 | |
| Open ports | 443, 80 (redirect) | HTTP/3 advertised via Traefik |
| TLS cert | Let's Encrypt via Traefik [CONFIRM] | |
| Web server (in container) | Apache/2.4.66 (Debian) | from Server header |
| PHP version (in container) | 8.3.30 | from x-powered-by |
| WordPress version | [INFO NEEDED] | |
| Database | MySQL/MariaDB container [CONFIRM] | likely a sibling container in Dokploy |
| Behaviour | 301 redirect to https://eidos-global.com/ | x-redirect-by: WordPress |
Credentials in Vault
| Secret type | Vault path / link | Last rotated |
|---|---|---|
| WordPress admin login | [INFO NEEDED] | |
| Database (wp-config.php) | [INFO NEEDED] | |
| SFTP / SSH to host | [INFO NEEDED] | |
| WordPress salts (in wp-config.php) | [INFO NEEDED] | should be in Vault, regenerable |
| Plugin/theme license keys | [INFO NEEDED] | |
| SMTP / mailer credentials | [INFO NEEDED] | |
5. Technology behind it
- Type: off-the-shelf platform with custom theme/content
- Product: WordPress (PHP application + MySQL/MariaDB database)
- Themes / page builders: [INFO NEEDED] (Elementor, Divi, custom theme?)
- Notable plugins: [INFO NEEDED] — list especially security, caching, forms, SEO
6. Data it handles
| Data class | Present? | Notes |
|---|---|---|
| Personal data (PII) | likely yes | contact-form submissions |
| Customer / client records | no [CONFIRM] | |
| Financial / payment data | [CONFIRM] | only if there's e-commerce |
| Authentication secrets | yes | wp-admin accounts |
| Internal company data | [CONFIRM] | drafts, unpublished pages |
| User-generated content | [CONFIRM] | comments? newsletter sign-ups? |
7. External dependencies
- DNS / CDN provider [INFO NEEDED]
- Email delivery for contact-form submissions ([INFO NEEDED])
- Third-party plugins — each is a potential supply-chain risk
- Analytics / pixels — Google, Meta, LinkedIn [INFO NEEDED]
8. Authentication & access
- End-user login: public (no login)
- Admin login: WordPress local accounts at /wp-admin/ [CONFIRM]
- MFA enforced? [INFO NEEDED] (recommend a plugin like Wordfence or WP 2FA)
- Who has admin access today? [INFO NEEDED]
- Editor / author roles? [INFO NEEDED]
9. Maturity assessment
| Dimension | Status | Evidence |
|---|---|---|
| Backups | [INFO NEEDED] | DB + uploads + theme/plugin code |
| Monitoring | [INFO NEEDED] | uptime check? Beszel? |
| Alerting | [INFO NEEDED] | who knows if it goes down |
| Redundancy | [INFO NEEDED] | usually single host |
| Patching cadence | [INFO NEEDED] | core + plugins must be kept up to date |
| Deploy process | [INFO NEEDED] | manual via wp-admin? Git? |
| Secrets handling | [INFO NEEDED] | wp-config.php contents in Vault? |
10. Known risks & vulnerabilities
WordPress is the single most attacked CMS on the internet. Real risks to flag:
- [CONFIRM] Outdated plugins/themes — the #1 cause of WP compromises. Each plugin is third-party code with admin DB access.
- [CONFIRM] No WAF / rate-limiting in front — /wp-login.php is brute-forced constantly.
- [INFO NEEDED] Admin without MFA — if any admin account is password-only, account takeover risk is high.
- [INFO NEEDED] No backup / no tested restore — if compromised or corrupted, recovery time is unknown.
- [INFO NEEDED] File-write enabled — many WP sites allow theme/plugin upload via the admin panel; if admin is compromised, attacker gets shell.
- [CONFIRM] Public attack surface — exposed to entire internet by definition.
- [INFO NEEDED] Defacement / SEO injection — competitors / SEO spammers actively exploit WP.
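A small audit for two items on this page, the "File-write enabled" risk and the salts row in the credentials table, as an added example that is not part of the original page or the site's own tooling. It checks a wp-config.php for WordPress's `DISALLOW_FILE_MODS` / `DISALLOW_FILE_EDIT` constants and for salts that are missing or still at the wp-config-sample.php placeholder; the sample file and its values are constructed.

```python
import re

# Constructed sample wp-config.php (not the real site's file).
SAMPLE_WP_CONFIG = """<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'constructed-value-0001' );
define( 'LOGGED_IN_KEY',    'constructed-value-0002' );
define( 'NONCE_KEY',        'constructed-value-0003' );
define( 'AUTH_SALT',        'constructed-value-0004' );
define( 'SECURE_AUTH_SALT', 'constructed-value-0005' );
define( 'LOGGED_IN_SALT',   'constructed-value-0006' );
// define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_FILE_EDIT', true );
"""

SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # shipped in wp-config-sample.php

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""")

def parse_defines(php):
    """Return {CONSTANT: value} for active define() calls; comments are ignored."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)      # block comments
    php = re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)  # whole-line comments only
    consts = {}
    for name, single, double, bare in DEFINE_RE.findall(php):
        consts[name] = bare.lower() if bare else (single or double)
    return consts

def audit(php):
    """Return (constant, issue) findings for salts and file-write settings."""
    consts = parse_defines(php)
    findings = []
    for key in SALT_KEYS:
        if key not in consts:
            findings.append((key, "missing"))
        elif consts[key] == PLACEHOLDER:
            findings.append((key, "default placeholder"))
    if consts.get("DISALLOW_FILE_MODS") != "true":
        findings.append(("DISALLOW_FILE_MODS", "not enabled"))
        # The built-in code editor is only reachable when file mods are allowed.
        if consts.get("DISALLOW_FILE_EDIT") != "true":
            findings.append(("DISALLOW_FILE_EDIT", "not enabled"))
    return findings

if __name__ == "__main__":
    for constant, issue in audit(SAMPLE_WP_CONFIG):
        print(f"{constant}: {issue}")
```

Setting `DISALLOW_FILE_MODS` also stops core, plugin and theme updates from wp-admin, so patching then has to go through the container deploy.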
11. Impact if it goes down
- Brand damage — public-facing.
- Lost lead-form submissions during downtime.
- Search ranking drops if outage is prolonged.
- Likely no internal blockers (staff doesn't depend on the site to do their job).
12. Owner & on-call
- Primary owner: [INFO NEEDED] (often marketing-owned, technically maintained by IT)
- Backup owner: [INFO NEEDED]
13. References & links
- Public URL: https://projecteidos.com
- Admin: https://projecteidos.com/wp-admin/ [CONFIRM]
- Sister sites: EIDOS Global WordPress, TnE Connect WordPress
- Domain: see domains.md