WordPress security and maintenance

I offer a WordPress security and maintenance service for small businesses who don’t want the hassle of looking after their own site security. My service offers:

  • updatesWordPress Updates. I add your site to the list of many others in my automated update system. When new themes, plugins, and WordPress versions are released, these are automatically applied and notified periodically. You don’t need to worry about the updates mounting up for you to apply yourself.
  • WordPress Security. I install and manage Wordfence and Sucuri tools on your site, act as the notified person on your behalf for any security intrusions, and take the necessary action on any issues which may arise.
  • WordPress Installation Backups on a nightly basis. If your site is ever compromised or if you accidentally delete important data, I can always reload last night’s files with a one-click restore. This backup will be securely stored in Dropbox (i.e. not on your server). Probably more efficient than contacting your web host for a restore (if they do indeed take any backups at all).

This service is available even if your site is not one I created or host. These services are included in the service I offer my own hosting customers, and can also be bought for those whose sites are hosted elsewhere. Note: I will need your hosting control panel and WordPress log in details.

Why is WordPress security necessary?

WordPress is a fantastic tool for managing your own web site. Its popularity makes it an ideal target for spammers and hackers. They can use the system to embed suspicious scripts and other nasty spam / malware elements. However I have plenty of experience of dealing with these kinds of problems and I have a number of tools I can deploy to keep your site secure. I also monitor all sites I host for any irregular behaviour. Many designers expect you to monitor WordPress security yourself, but sadly without regular application of security patches, not following good practice for usernames and passwords, and not using tools such as WordFence, it’s just a matter of time before a site is compromised.

Wordpress Security - cryptolockerIncreasingly over the past few years, customers have come on board with me through a “distress purchase” situation. They may have had lots of spam posts, comments or links added. Or worse, the entire site is unavailable or has been defaced. Some of the “payloads” that can be dropped on to insecure web sites include bank phishing exploits and ransomware, which then infects other people’s computers.

How I can help

When I act as security admin for your site, I monitor the WordPress installation and receive all the automated notifications of hack attempts. When I spot anything unusual I will let you know, advise what needs doing. I can also take the necessary action to rectify the situation. WordPress backups can be restored if key data is lost for any reason. I will also apply the periodic updates to WordPress itself, plugins and themes. This will be at least quarterly, and even more frequently when critical patches are released. This service doesn’t guarantee your site will never be hacked – sadly the hackers are sometimes one step ahead of the good guys who write the preventative software. But you will have the peace of mind of knowing someone is on the case should the worst happen.

I also often help people out over the internet and Twitter, who have had their sites hacked. Usually I can help them to identify and rectify the problem. Don’t let all of this put you off using WordPress. Your site is not at risk to your site as long as security is properly managed. And don’t leave your site forever with a basic default “admin”username and a password of “password”.