Backup, Security and Performance Services
$35.00 / month and a $99.00 sign-up fee
We offer affordable yet comprehensive maintenance services to keep your site up-to-date and secure from hackers, spambots and other threats. Read the description below for all of the details.
Over the past year, there has been a dramatic increase in hacking attempts on WordPress powered websites since it is the leading open source Content Management System (CMS) and is used by 27.2% of the top 10 million websites on the Internet. The WordPress ecosystem is a highly collaborative system which relies on thousands of volunteer programmers who constantly update the WordPress core as well as a huge repository of “plugins” (software apps/modules) with input from security experts and others. As a result, ongoing weekly updates, as well as uptime and security monitoring are essential components in keeping your website secure and functioning properly, especially in light of the recent increases in “brute force” and other attacks. To learn more, visit: https://www.wordfence.com/blog/.
No site is completely immune from being hacked (as we have seen from recent news stories and wiki leaks revelations), however, our job is to make it difficult for hackers so they move on to someone else’s site that is less secure than yours. And if your site does get hacked, we’ll know about it instantly and be able to remove the malicious code and restore the site.
Why hackers do what they do:
How do you know you’ve been hacked?
Clear indicators of a hack include:
- Website is blacklisted by Google, Bing, etc.
- Host has disabled your website
- Website has been flagged for distributing malware
- Readers complaining that their desktop AV’s are flagging your site
- Contacted that your website is being used to attack other sites
- Notice behavior that was not authorized (i.e., creation of new users, etc…)
- You can visibly see that your site has been hacked when you open it in the browser: Examples:
- Defacement – digital graffiti is found on your site
- Links on your site that take you to another site
It depends on which of the above has happened, and if your site actively sells goods or services or not. If you make a living from your site, it can be very costly. At minimum, it’s a nuisance. It takes time and therefore money to remove the offending software/hack — sometimes upwards of 5-10 hours to root out all problems.
What we will do
- Daily and Weekly Backups: Backups are extremely important – not only in case your site is hacked but also to protect against errors caused by updates to the WordPress core software, plugins and themes. If your site was created by BentonWebs, we already do weekly backups to your hosting account but you also need a daily backup. And these backups need to be stored somewhere other than the same server that is hosting your website – in case your host’s server goes down or they inadvertently delete your site (which we have had happen previously). We’ll do that for you using Dropbox and we’ll keep 4 weeks of weekly backups.
- Weekly WordPress Core, Theme and Plugin updates: All these various forms of software are updated regularly to add additional features/functionality and to patch security holes. Hackers look for and often exploit vulnerabilities in the WordPress core code and within plugin and themes. Fortunately, WordPress developers and external security experts discover these vulnerabilities and notify the appropriate parties so they can release updates. However, your site needs to be updated as soon as possible after the patch/fix is released. These updates are now happening so frequently, that unless your site is being updated weekly, you are at much higher risk of being hacked. We will update your site to the newest versions of these apps on a weekly basis. If your site already has a staging domain or subdomain we’ll test the updates there first. If not, we’ll create a staging subdomain (provided this feature is supported by your host) so we can test updates there before pushing them to the “live” site.
- Security Hardening: We’ll install the leading WordPress security plugin – WordFence – and tune it to make your site less vulnerable to potential hackers. This plugin features a variety of tools to harden your site: brute force attack (robots trying to guess passwords) prevention, firewall, etc. We’ll also set it up to scan for files that are not in the existing repository of WordPress core and plugin files so that if a hacker inserts malicious code (malware, spamvertizing, etc.) we’ll know about it and be able to remove it right away.
- Support, troubleshooting and removal of problems: This not only includes being hacked, but also unexpected issues that arise as a result of WordPress, Plugin or Theme updates. For example, one of our client’s site pages were turned into random illegible characters by an update to one of the plugins. Whenever this happens, it takes time to figure out what happened and fix it. We’ll do that as part of your monthly fee.
- Add SSL/TLS (https://):
Using a secure connection is an important part of WordPress security. If your site starts with ‘https://’ and is green (in most browsers) or has a lock icon, that indicates it is using SSL/TLS. Signing in via HTTPS and having your visitors complete forms via SSL/TLS insures that your login information is sent encrypted across the network and that someone listening in can’t steal your or your clients’ username and password or data. Google and Firefox started giving a warning if someone fills out a form and the page is not SSL/TLS. If your site isn’t already SSL/TLS, we can install one for free using Let’s Encrypt. This setup is included in the $99 one-time setup fee.
- Uptime monitoring: We’ll add your site to our Uptime Robot account, which provides free monitoring of your website’s uptime and it will notify us if your site goes down so we can investigate and get it back up.