My Mission:
Every day, over 40,000 websites are compromised, most often because they didn’t do the bare minimum required to protect themselves. When a website is compromised, hackers will often use it for criminal activity, damaging your business’s reputation. If you have a membership or ecommerce site, you also have an obligation to protect your users’ data.
Paying for professional security management protects your business from disruption and reputation damage. It ensures that your site will stay available and secure and gives you peace of mind that you have taken responsible steps to protect your business and client data.
I use the Wordfence firewall. Of all firewalls, I choose Wordfence because it is customised specifically to protect WordPress and learns about your site's unique usage patterns and how to protect it.
Patchstack maintains a database of the latest vulnerabilities and releases "Virtual Patches" which can protect your site immediately, before the plugin has been fixed. The Patchstack license alone would normally cost you $79US/month, which is more than my basic care plan!
I check for common administrator mistakes such as leaving backup files public in the webserver root, set sensible defaults, and disable any WordPress or access features that aren't required.
Whether your current host uses nginx, Apache or LiteSpeed, I ensure it's blocking access where appropriate, setting security headers where appropriate and using the latest encryption at all times. For my own infrastructure I use hardened and up-to-date Linux servers running nginx or LiteSpeed with the BitNinja firewall and malware scanner.
This is tedious but vitally important for WordPress security. I ensure that plugins, themes and WordPress core are updated every week, and all updates are tested. I do have visual regression tools that help with this, but there's also a lot of manual testing to make sure that your site stays up to date and stable.
Despite following all security best practices, it is still possible that a security incident may occur. I use several forms of suspicious activity monitoring so that I will be notified immediately. When a website is compromised, hackers may take some time to exploit their access. This gives us precious time to kick them out and restore the site's security before any serious harm can be done. In addition to this, I use visual regression monitoring and traditional uptime monitoring, so that I will be notified if your site changes for any other reason.
I believe that the unique service I provide is in the support, prompt communication and effective action to make sure that you are not left waiting for a response from a level 1 offshore technician but speak directly to the engineer responsible for keeping your site secure and available.