WordPress Site Hardening

In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services. —Wikipedia

WordPress has become VERY popular – around 1/4 of ALL websites are run on WordPress! The good news is that there’s a huge amount of development and support. The bad news is that hackers find it easy to target sites which are not kept up to date.

Step 1

The first step in avoiding problems is updating WordPress core files, plugins, and themes as soon as new versions are released.

A good number of update releases for WordPress and its plugins and themes include security fixes. Hackers know that, actively share notes on exploits, and seek out sites which are still vulnerable.

We know that, unfortunately, the majority of site owners aren’t as obsessive as we are about updating. So the first step is bringing everything up to date.

Step 2

The second step involves installation and configuration of several security plugins. Using these tools, we quickly close up known holes in your defenses – from the default “admin” account and the default “wp-admin” login address, to protecting against brute-force login attempts, to automatically blocking users snooping around for pages to exploit, and much more.

Steps 1 & 2 typically can be done for a one-time fee of just $35.00*. Contact us to get us started.

Step 3

Step 3 is regular monitoring of your site, with updates applied as soon as possible (we say “within 48 hrs” but it’s usually much sooner than that).

Step 4

Step 4 is to take regular backups. If you’re not changing your site much, the monthly backups we perform as part of our monitor/update service are probably all you’ll need in the event you get hacked – or your server’s hard drive gets corrupted, or your ISP goes out of business.

Steps 3 & 4 cost $84.00/year for monitoring, updates*, and monthly backup to our cloud server. (Prerequisite: Steps 1 & 2).

More frequent backups or regular uploads to your dedicated Google Drive, Dropbox, AmazonS3, or OneDrive account are just $36.00/year.

 

Keeping your software up to date is not an absolute guarantee that you won’t be hacked, but it is strong insurance, and combined with regular backups it can be the difference between a large headache with a large de-hacking cost and an easy, inexpensive fix.

*Updates of WordPress core software and free plugins and themes from the WordPress.org repository (and many paid plugins and themes as well). Updating paid plugins and themes is not included in the annual cost if manual download/upload or configuration is required, but is available for additional cost dependent on the number of plugins/themes, and the complexity and frequency of released updates.