WordPress Management and Security Services

Website management and security are important issues ... even in WordPress. Since I installed our website security package on this site, I noted that we have about 500 login attempts from hackers EVERY day. This type of activity is, unfortunately, not limited to my site. It is more than likely happening on your website too. Consequently, I have decided to offer three different WordPress Management and Security service packages.

One-Time Management Service

If you are confident your website is free of malware and all you want is the latest updates and a complete backup of your website, this is the service for you.

  • Complete Website Backup (so it can be easily recovered if something nasty happens to it)
  • WordPress Core File system update (that way you have the latest version of WordPress with its latest security protocols in place)
  • Plugin Updates
  • Complete Website Scan to determine if there are any malware problems
  • FEE: $75/hour

One-Time Security and Recovery Service

If you are suspicious that your website has been hacked, or that malware has been installed on your website, this is the service for you:

  • Website Recovery
  • One-time scan for Malware
  • One-time removal of Malware
  • FEE: $75/hour

One-Year Management and Security Service Contract

  • Complete Security Audit
  • Harden Security (see below) so that the Security Audit 'passes'
  • Quarterly WordPress core file system updates
  • Quarterly plugin updates
  • Quarterly website backups
  • Scan your website on a weekly basis and take care of any problems arising
  • Hack Recovery and Malware Removal (at any time while on the contract, free of extra charge)
  • Website recovery should something happen due to a virus or a hack (free of charge)
  • FEE: $500/a (for most websites; restrictions apply, for example, this does not include fixes for plugin deprecation or failure due to updates)

Here is a complete list of 'hardening' measures that will be taken:

  1. delete the default admin account and create a new administrator account with a user name that is NOT ‘admin’ (unless you already have a username that is not ‘admin’)
  2. make sure that the display name in your posts is not the same as the login or user name of your account
  3. restrict the number of failed WordPress login attempts to 5. (prevents brute force attacks)
  4. disable all newly registered accounts until you can approve them manually
  5. install a WordPress firewall which includes:
    • 6G and 5G protection (6G is a ‘blacklist’ that checks request strings to protect your site against malicious HTTP activity)
    • blocking fake googlebots
    • preventing hotlinking to your site's images, to avoid site slowdowns
    • blocking IPs known for spam comment posting
  6. create an automated database backup system which will backup your database every week
  7. change the Database Table Prefix to something other than the default
  8. make sure all file permissions are properly set
  9. prevent listing of directory contents to users that are not logged in
  10. prevent access to the following files:
    • readme.html
    • license.txt
    • wp-config-sample.php
  11. disable the HTTP TRACE and TRACK methods (an HTTP Trace attack can be used to grab cookies and other info)
  12. prevent Proxy Comment Posting
  13. introduce a login captcha form (to prevent computer generated logins) on:
    • the login page
    • lost password page
    • when anyone tries to register
  14. set up an invisible 'honeypot' on the home page to prevent computers from logging in to your website
  15. set up a notification system whereby we will be notified by email when:
    • files on your website are changed or updated
    • someone gets locked out or blocked by the firewall
    • attacks on the website are detected
  16. disable code execution from the 'Uploads' library
  17. remove all unused themes from the website (hackers like to install 'back doors' here because they are not overwritten when themes are updated)
  18. monitor live traffic to the website and block or throttle it if required
  19. set up automatic WordPress updates
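
Several of these measures (items 7, 8, 10 and 16) can be spot-checked straight from the file system. The following Python sketch is an added example, not part of the service's own tooling; the function names and the sample directory tree are constructed for illustration, and it assumes the standard WordPress layout (`wp-config.php` in the site root, uploads under `wp-content/uploads`).

```python
import os
import re
import stat
import tempfile
from pathlib import Path

LEAKY_FILES = ("readme.html", "license.txt", "wp-config-sample.php")  # item 10
PHP_SUFFIXES = {".php", ".phtml", ".phar"}
DEFAULT_PREFIX = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]wp_['"]""", re.M)

def audit_wordpress(root):
    """Return (checklist item, relative path, finding) tuples for a WordPress tree."""
    root, findings = Path(root), []
    cfg = root / "wp-config.php"
    if cfg.is_file() and DEFAULT_PREFIX.search(cfg.read_text(errors="replace")):
        findings.append((7, "wp-config.php", "default table prefix wp_"))
    for path in sorted(p for p in root.rglob("*") if not p.is_symlink()):
        rel = path.relative_to(root).as_posix()
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & stat.S_IWOTH:  # item 8: nothing should be world-writable
            findings.append((8, rel, f"world-writable (mode {mode:o})"))
        if rel in LEAKY_FILES:  # item 10: files that disclose the version
            findings.append((10, rel, "present; confirm the web server denies it"))
        if (rel.startswith("wp-content/uploads/") and path.is_file()
                and path.suffix.lower() in PHP_SUFFIXES):  # item 16
            findings.append((16, rel, "PHP file under uploads"))
    return findings

def build_sample_tree():
    """Create a constructed sample install with known modes; return its root."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    files = [
        ("wp-config.php", 0o640, "<?php\n$table_prefix = 'wp_';\n"),
        ("readme.html", 0o644, "<html></html>"),
        ("wp-content/uploads/2024/photo.jpg", 0o644, "jpeg"),
        ("wp-content/uploads/2024/cache.php", 0o666, "<?php // unexpected"),
    ]
    for rel, mode, text in files:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
        os.chmod(target, mode)
    for directory in (p for p in root.rglob("*") if p.is_dir()):
        os.chmod(directory, 0o755)
    return root

if __name__ == "__main__":
    print(*audit_wordpress(build_sample_tree()), sep="\n")
```

A finding for item 10 or 16 only shows that the file exists on disk; whether it can be requested or executed depends on the web server rules, which this check does not read.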

Let's Meet Up!

Whether you're in the Triangle area, or not, let's meet up or talk over the phone about how we can bring your vision to fruition.