Architecture

Security & Isolation

SYNTH applies a "Zero Trust" security policy by default. Each site is a fortified isolated fortress.

Total Linux Isolation

Contrary to classic shared hosting which runs all sites under `www-data`, SYNTH creates a **unique Linux user** for each WordPress site.

File Isolation (Chroot)
If site A is hacked, the attacker cannot read or modify the files of site B. The `chmod` permissions are strict (750).
Dedicated PHP-FPM Pools
Each site has its own PHP process. A site that crashes (OOM) does not affect the performance of its neighbors.

# Process Structure

root── nginx: master process

www-data── nginx: worker process

root── php-fpm: master process

synth_a1b2── php-fpm: pool www.site-a.com

synth_c3d4── php-fpm: pool www.site-b.com

Firewall (UFW) & Ports

22 (SSH)

Open for administration. Protected by SSH key only (Password Auth disabled).

80 / 443

Open for web traffic (HTTP/HTTPS). Managed by Nginx.

OTHERS

Everything else is blocked by default (Deny Incoming). Database (3306) inaccessible from the outside.

/var/backups/synth/

site-a.com_2026-01-23.tar.gz

site-a.com_2026-01-23.sql

LOCAL ONLY

Data Sovereignty

At SYNTH, we never store your files or databases on our servers.

Backups are generated locally and stored in a secure folder (`root:root`) on **your** server. You can download them via SFTP at any time. This is the guarantee of total GDPR compliance.

Security & Isolation

Total Linux Isolation

File Isolation (Chroot)

Dedicated PHP-FPM Pools

Firewall (UFW) & Ports

Data Sovereignty