Backup, Security and Performance Services
$35.00 / month and a $99.00 sign-up fee
We offer affordable yet comprehensive maintenance services to keep your site up-to-date and secure from hackers, spambots and other threats. Read the description below for all of the details.
Fundamentally, security is not about perfectly secure systems. Security…is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture — reducing the odds of making yourself a target and subsequently getting hacked. WordPress Security CodexWordPress powers more than 37.6% of all websites on the internet. With hundreds of thousands of theme and plugin combinations in the WordPress ecosystem, it’s no surprise that security vulnerabilities exist and hackers seek to exploit them. However, there is also a very strong community that supports the WordPress platform to ensure these vulnerabilities get patched as quickly as possible. As a result, weekly plugin and theme updates — as well as uptime and security monitoring — are vital to keeping your website safe and functioning properly, especially in light of the recent increases in “brute force” and other attacks. To learn more, visit: https://www.wordfence.com/blog/.
No site is completely immune from being hacked (as we have seen from recent news stories and wikileaks revelations), however, our job is to make it difficult for hackers so they move on to someone else’s site. And if your site does get hacked, we’ll know about it instantly and be able to remove the malicious code and restore the site.
Why hackers do what they do:
How hackers exploit WordPress sites:
How do you know you’ve been hacked?
Clear indicators of a hack include:
- Website is blacklisted by Google, Bing, etc.
- Host has disabled your website
- Website has been flagged for distributing malware
- Readers complaining that their desktop AV’s are flagging your site
- Contacted that your website is being used to attack other sites
- Notice behavior that was not authorized (i.e., creation of new users, etc…)
- You can visibly see that your site has been hacked when you open it in the browser: Examples:
- Defacement – digital graffiti is found on your site
- Links on your site that take you to another site
It depends on which of the above has happened, and if your site actively sells goods or services or not. If you make a living from your site, it can be very costly. At minimum, it’s a nuisance. It takes time and therefore money to remove the offending software/hack — sometimes upwards of 5-10 hours to root out all problems.
What we will do
- Daily and Weekly Backups: Backups are extremely important – not only in case your site is hacked but also to protect against errors caused by updates to the WordPress core software, plugins and themes. If your site was created by BentonWebs, we already do weekly backups to your hosting account but you also need a daily backup. And these backups need to be stored somewhere other than the same server that is hosting your website – in case your host’s server goes down or they inadvertently delete your site (which we have had happen previously). We’ll do that for you using Dropbox and we’ll keep 4 weeks of weekly backups.
- Weekly WordPress Core, Theme and Plugin updates: All these various forms of software are updated regularly to add additional features/functionality and to patch security holes. Hackers look for and often exploit vulnerabilities in the WordPress core code and within plugin and themes. Fortunately, WordPress developers and external security experts discover these vulnerabilities and notify the appropriate parties so they can release updates. However, your site needs to be updated as soon as possible after the patch/fix is released. These updates are now happening so frequently, that unless your site is being updated weekly, you are at much higher risk of being hacked. We will update your site to the newest versions of these apps on a weekly basis. We perform these updates on your production/live site and test. If there are issues, we roll back to a previous backup. Then we create a staging site where we investigate the issues, so we can then perform the updates on the production/live site.
- Security Hardening: We’ll install the leading WordPress security plugin – WordFence – and tune it to make your site less vulnerable to potential hackers. This plugin features a variety of tools to harden your site: brute force attack (robots trying to guess passwords) prevention, firewall, etc. We’ll also set it up to scan for files that are not in the existing repository of WordPress core and plugin files so that if a hacker inserts malicious code (malware, spamvertizing, etc.) we’ll know about it and be able to remove it right away.
- Support, troubleshooting and removal of problems: This not only includes being hacked, but also unexpected issues that arise as a result of WordPress, Plugin or Theme updates. For example, one of our client’s site pages were turned into random illegible characters by an update to one of the plugins. Whenever this happens, it takes time to figure out what happened and fix it. We’ll do that as part of your monthly fee. We’ll also fix forms not working and other maintenance-related issues.
- Add SSL/TLS (https://):
Using a secure connection is an important part of WordPress security. If your site starts with ‘https://’ and is green (in most browsers) or has a lock icon, that indicates it is using SSL/TLS. Signing in via HTTPS and having your visitors complete forms via SSL/TLS insures that your login information is sent encrypted across the network and that someone listening in can’t steal your or your clients’ username and password or data. Google and Firefox started giving a warning if someone fills out a form and the page is not SSL/TLS. If your site isn’t already SSL/TLS, we can install one for free using Let’s Encrypt. This setup is included in the $99 one-time setup fee.
- Uptime monitoring: We’ll add your site to our Uptime Robot account, which provides free monitoring of your website’s uptime and it will notify us if your site goes down so we can investigate and get it back up.