//

Securing & Maintaining Your WordPress Website Together

WordPress is one of the worlds most popular web platforms.  In fact, they estimate that 1/3 of ALL websites on the internet, is built on the WordPress CMS.  Whilst I’ve always built websites using a range of options, I increasingly find myself drawn to WordPress. 

However, WordPress sites are also the most targeted for malware, SQL Injections, spambots, viral attacks and more.  Their universal code spread over 30% of the internet means that unethical elements of the online community only need to write a programme to attack a site once and it’s suitable for all equal installations of WordPress.  There’s very little targeting in these attacks – think of it like a normal cold-and-flu virus.  It will simply bounce from one person or website, to the next it comes into contact with, infecting all who have weakest immunity.

WordPress are very good with keeping on top of these evolutions in malicious code though, and routinely bring out updates and security patches to keep websites safe.  The same can be said for the most popular elements of WordPress Plugins.  A plugin is an element built into WordPress to perform a specific function – some plugins are as complex as a shop, whereas others are very simple text buttons added.  The world of plugins is vast and deep, ranging from high-priced top-quality development work in action on millions of websites, down to poor quality and ineptly built cheap plugins.  Just like WordPress itself, credible developers bring out updates and security patches on a regular basis to defend your website.

So far, so good, right?  The WordPress community is targeted often (purely because of its visibility) but the frequent updates and patches from the core and credible plugins should continue to keep your site safe.  That’s entirely true – provided the malware doesn’t reach your website before the update.  However, websites are built on layers – thousands of them integrating with each other (think Tetris!). When one of those layers is updated, it affects all of those around and above it.  If one of your plugins is set to automatically update with a fault – your layers are as useful as a house of cards in a hurricane.  Even the most stable of updates on the WordPress platform can modify a layer one of your plugins uses, preventing them from integrating and working correctly.

Level One

secured from hosting
  • Automated cPanel Backups
  • Updates on Request
  • Captcha form and login protection
£20 p/m

Level Two

includes all from level one, plus:
  • Entry level versions of iTheme Security plugin

  • Entry level SSL
  • Protected login links
  • Updates implemented every 4 weeks
£42 p/m
Plus £45 setup if purchased without website

Level Three

includes all from level two, plus:
  • Professional level versions of iTheme Security plugin

  • GoDaddy SSL
  • Daily Malware Scanning
  • Google Blacklist monitoring and removal
  • Updates implemented every 4 weeks
  • Database & file optimisation every 4 weeks
  • Maintain Audit Logs
  • One hour of integration resolution
£59 p/m
Plus £45 setup if purchased without website

Level Four

includes all from level three, plus:
  • WAF malware prevention
  • CDN performance accelerator
  • Advanced DDoS mitigation
  • Daily Malware Scan
  • Advanced DDoS mitigation
  • Advanced DDoS mitigation
  • 2 hours of integration resolution
  • Updates implemented every 4 weeks
  • Database & file optimisation every 4 weeks
  • Staging site on request
£115 p/m
Plus £45 setup if purchased without website

Level Five

includes all from level four, plus:
  • 2-factor authentication logins
  • Premium DNS to prevent Domain Hijacking
  • 4 hours of update integration resolutions
  • Weekly updates
  • Weekly database & file optimisation
  • Uptime monitoring
£155 p/m
Plus £45 setup if purchased without website

What's your website worth?

Website security isn't just an issue of stopping the site going offline. Malware attacks frequently add content to sites as it's easier to do that edit existing content. How would your brand's reputation cope if there was pornography, credit-card fraud, or viagra ads on your site for two months before you noticed?

What's more, the site will constantly be scanned by Google and other search engines.  This can have your company linked permanently to whatever type of spam is advertised on your site, or worse can get your website blocked from search history - prevent users from visiting it, and send all your emails to spam.

It's so much more than going offline.  So how prepared are you?

This website page is constantly being updated and modified as we adjust to threats in the online community.  Keep checking.