Website Content Security

Is your WordPress website content protected against attack by hackers?

We can help you implement a range of security measures for WordPress installations designed to reduce the chance of successful  ‘brute force’ break-ins that can result in the hijacking of your site and potential DOS (Denial of Service) or loss of content or data.

  • We can back-up your WP database and website content on remote servers in multiple locations.
  • We can restore your website content from back-up if it’s been hacked or compromised.
  • We can back-up & migrate your WordPress content if you want to change service providers.

There is a relentless stream of attacks against websites going on all the time. The scale of this is hard to visualise. Imagine a website being attacked over a 4 hour period by hackers attempting to initiate a ‘brute force’ login to the website back-end administration. The attacks come almost simultaneously from over 100 different IP addresses all over the world. Each login attempt from each IP address occurs 20 times before the IP is blocked – 2000+ log-in attempts are made. Then imagine this same thing happening to millions of websites across the planet every second of every day!

 


We provide the following website security services for WordPress installations:

  • Consulting and advice on web security
  • Remote security monitoring services
  • Install security plug-ins and customise settings
  • Migrate website content to a new directory
  • Restore WP core and site content following a breach
  • Security lockouts for specific countries
  • Customise security software settings
  • Manual updates of WP themes / Plugins
  • Domain directory / cPanel interventions
  • Customise WP plug-in settings
  • Log-in Username and Password management
  • Emergency interventions (priority service)
  • After hours and weekend services
  • Email set-up assistance
  • POP Email security (black/white-listing etc)

ALL FEES AND WORKING DEPOSITS ARE PAYABLE IN ADVANCE

CLICK/TAP HERE TO DOWNLOAD FEE SCHEDULE PDF

 


IF YOUR WEBSITE IS HOSTED WITH US:
For websites hosted on our servers us we take back-ups of your website database and content and ensure WordPress core updates occur and are responsible for the multiple (separate) secure server encrypted storage of these back-ups as part of the annual hosting fee. This does not include and interventions or content restoration services. Where possible WordPress core updates are set to ‘auto-update’.

IF YOUR WEBSITE IS HOSTED ELSEWHERE:
We do not provide free services for websites not hosted by us. We can, if instructed to do so, take back-ups of your website database and content. Please let us know if you want this option as fees apply. Whether we can guarantee auto-updates of the WordPress core will require confirmation via your cPanel or other admin panel – this too will attract a service fee.

 


WEBSITE CONTENT SECURITY MANAGEMENT:

The following is a brief precis of the tasks that we do for fee paying clients. If you would like for us to undertake these tasks for you please refer to the SCHEDULE OF FEES or contact us to book a chat.

Monitoring

The website security services we offer are underpinned by our subscriptions to paid professional software solutions that monitor, report occurrences and suspicious activities, and activate notifications for things such as required manual updates. We pay a fee for each website we monitor and protect.

Manual Activities

We monitor and read email notifications and reports coming in from our security software’s that notify us of various occurrences and incidents such as:

  • ‘Brute force’ break in attempts – Brute force break-ins use hacking software to discover your username and password and then can inject malware scripts, facilitate DOS (Denial of Service), and cause theft or loss of content or data.
  • Plug-in vulnerabilities – Plug-ins can become compromised at any time so when we are informed that a plugin used on your site is compromised we act to close off the vulnerability.
  • Plug-in updates – When notification is received that a plug-in update is available it means the authors of the plug-in are responding to a new or known vulnerability. Best practice is to update the plug-in as soon a possible – immediately.
  • IP address lock-outs – Following an attack on a website we check to see from which countries and via which IP addresses the attacker came. We then act to shut out these IP addresses and suppress visitation from specific countries.
  • WordPress theme updates – Like plug-ins, WordPress themes are also subject to attack and malware script injections so we daily check all websites for themes that have notified of updates. If necessary we will swap out a completely compromised theme for a ‘safe’ theme to ensure the site content is protected.

We then follow through on the notifications – this means we check all sites that have triggered notifications:

  • Check if site is loading and visible
  • Update plug-ins as required
  • Check for plugin conflicts
  • Resolve plug-in conflicts (requires disabling each plugin one by one to identify which plug-in is causing the issue).

Next we login to our cloud security solution and manually run a malware detection scan on all website directories and respond to the results where required.

We receive and read daily reports from a number of security organisations that we belong or subscribe to which keep us up to speed with current trends and news about online security and importantly industry best practices including new software releases and updates. There are new malwares, viruses, and damaging scripts being developed and released 24 hours a day and we stay up to date.

There are a broad range of practices and protocols that you can use to protect your online presence and we are happy to consult professionally or train you on best practice.

The measures mentioned above do not include security for POP email accounts for which we now recommend the use of a Mail Exchange service for greater protection from email hijack and spam attacks. If you would like further security put in place for your POP mail accounts or want to discuss any other cyber security matters please contact us.

We hope you understand the importance of online security and look forward to providing professional web design, search engine optimisation and website security services into the future.

Please get in touch with us using the quick contact form in the right sidebar if you have any questions.