WordPress security It’s NOT optional
We take WordPress security seriously and so should you. A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information and passwords, or install malicious software. They can distribute malware directly to your subscribers or you could even find yourself paying a ransom to the hackers, just to regain access to your website.
WordPress needs to be regularly maintained and updated to keep it secure. WordPress will automatically install minor updates by default, but major releases need to be installed manually. WordPress comes with thousands of plugins and themes from third-party developers that will also need to be kept up to date.
WordPress Security Scan
See if your WordPress website is up to date and safe from hackers.
What we do to secure your WordPress site
We manage all your website’s core, plugin and theme updates. We will also remove any unused plugins and themes as these may contain vulnerabilities that could be exploited.
Below is a full list of what we do to keep your WordPress site safe.
Keep WordPress core up to date We ensure that your WordPress version is always up to date, thus decreasing your exposure to hacking. Keep all plugins and themes up to date Plugins are a major attack vector if they are not kept up to date, so we make sure they are updated often. Protect your site from brute force attacks Stopping multiple login attempts from unauthorised users. First we prevent them from logging in for a set amount of time, then if they keep trying, they are added to our list of banned users. Use an isolated server Each account in our hosting is ring fenced so if a website was comprimised, it can’t attack other sites. Monitor unusual file changes We put in place tools to monitor any file change that occurs within WordPress. We will be notified if something seems out of the ordinary and investigate. Run regular malware scans We run scans to confirm your site has not been compromised Add a TLS/SSL certificate to your site* Without a TLS/SSL certificate, it is possible the details you are inputting into forms like login or credit card screens could be intercepted by another computer. A TLS/SSL certificate is used so that the information being transferred becomes unreadable. Use 404 error page protection We monitor visitors trying to access pages that don’t exist. If the same user visits a page that doesn’t exist often this is usually a bot trying to find vulnerabilities, so we ban these visitors. Ban known bad hosts We have a list of known bad servers/computers/IP addresses, we never allow these access to your WordPress site. Black list constant attacking IPs We add IPs that we have detected as attacking your website to a global list that we keep updated for all of our clients. So if we’ve found a bad IP address on one of our other sites, we’ll ban it from all of our sites. Create security keys (salts)* We make sure you have this extra level of security, by making sure you have the automatically generated SALTs (and not the default) in your WordPress configuration file. Remove the default admin account We remove the ‘admin’ user account, because if this isn’t done, an attacker only needs to guess your password to gain access. Change the WordPress admin address* Changing the default directory of the administration section adds another level of security, so your administration backend is more difficult to find. Retain 3 months of site backups If something does go wrong, we can restore your site from anywhere up to 3 months in the past. Enforce complex passwords We make sure your passwords are not easy to guess. Offer you notifications about attacks* Notifications can be emailed to an administrator that can review them on a regular basis. Monitor unusual changes in site traffic Notifications are sent if a spike in traffic occurs, so we can confirm it is not under attack. Option to enable two factor authentication* Two-step authentication will use your phone or another device to authenticate you when logging into the WordPress admin area. Monitor security access We log all successful and unsuccessful logins to the system, so we can see at a glance if any suspicious logins have occurred. Monitor the load on the server Constant monitoring of our servers allows us to keep your website running smoothly. Protect uploads directory We stop any script being run in the uploads directory, this is a common place that malicious code is added. Restrict admin logins to specific countries or even IP address We can make it so that only a specific set of IPs can access the administration section of your site. Locking out countries that we know you won’t be accessing the administration from is a good idea to stop unwanted access. Web server patching We make monitor security patches and make sure the webservers have all the latest security patches applied to them. * indicates as an optional security measure Let us worry about it
We know that WordPress security can be a bit intimidating. To give you peace of mind, we can take on the responsibility of keeping your WordPress website safe and secure.
However, if you want to look after your own WordPress sites security needs, then check out out
Tips and Tricks section. WordPress Hosting Including WooCommerce sites
Shop around and you’ll find cheaper hosting packages. But if you’re after a solid local provider who takes all the headaches out of keeping your WordPress and WooCommerce site alive and kicking, then give us a call.
Below are some hosting and support packages to consider…
Secure hosting only
$65 – Secure Hosting
Includes: Free transfer to our secure servers, malware scan, security hardening of your site, continual WordPress core updates, continual WordPress plugin updates, continual monitoring for signs of infection, SSL certificate added, 3 months of back ups. Secure hosting and support
$65 – Secure Hosting
$30 – Support (15 minutes)
Your 15 minutes support per month can be used for anything web-related.
Save $11 per month. Secure hosting and support + Free – Secure Hosting $120 – Support (60 minutes)
Your 60 minutes support per month can be used for anything web-related.
Save $110 per month. What can I use my support hours for?
Anything web-related, like SEO, Google Ads, web strategy advice, design and development work, usability review/advice, staff training, or content management. Think of us as your in-house web team. All work that falls outside of your monthly support hours is charged at $165 +GST per hour. For more information look at our
WordPress Support page.
terms and conditions for full details.