Imagine a web of ultra-secure WordPress websites. We do.

This checklist will show how we ​make your site more secure than 99% of sites out there.

Here's how we take your WordPress website into the top 1% of secure sites

from this (oh dear!)

insecure website

to this (nice!)

1. Backup

The very first thing we do when we connect to your website is to take that all-important backup.  That way if anything goes wrong or if you don't like what we do we can get back to where we started with just a few clicks.

2. Analyse

Next, we'll run your site through blacklist tests and security scans to see if there are any major problems.  We'll then manually check it using our own security checklist and note everything we find.

3. Get to work

This is where the technical magic happens.

Every site is different but we typically do most of the optimisations you see listed below.

4. Re-Analyse

At this point your site is already much more secure but we don't stop there. Our plans include constant monitoring and we continuously tweak your site so keep it rock solidly protected.

During these steps we'll contact you with our questions and our further recommendations. We usually have some customised suggestions related to the security of your specific site.

The final decision about your website, though, is always yours.

Free premium extras with our plans

Our Entrepreneur and Business plans include extra rock-solid protection with these extra premium services from one of the most respected names in online security, Sucuri, at no extra cost to you!

Safer and Faster with Sucuri

Sucuri's best of breed website firewall application is a separate application that filters your website traffic, stopping anything dangerous before it even reaches your site. Protects against DDoS attacks, filters fake bot traffic and simply blocks the bad guys before their traffic even reaches your site.  It even includes a lightning-fast CDN that we set up for you for FREE (usually $120 p.a.)

The most respected malware cleanup service from Sucuri is included FREE (usually $200) when you subscribe to either the Entrepreneur or Business plan.

Went the extra mile!

Wow, awesome! I open my website and it flows. Just flows. Everything is smooth and fluid; nothing hinders my user experience any more.WPStrands spontaneously went the extra mile to make it happen despite significant technical difficulties related to the specific setup of my website. They proactively took the lead to work around them, while keeping me informed about it all the way.

Gabrielle Ortais

Always there ...

... always there, prompt, enthusiastic, creative and generous, maintaining and improving both of my sites without a flaw.

Jennifer Harvey Sallin

Some Optimisations We Do

Daily Cloud Backups

We save your WordPress files, plugins, themes and database to our secure Amazon S3 servers in the cloud.  Every day.

Install Updates Regularly

We apply the latest WordPress core, theme and plugin fixes and security patches to your site every Monday.

Daily Malware Scans

We run daily scans against the best malware databases and alert you immediately if anything unusual is discovered. We’ll also repair the infected files for you.

Install a Firewall to Block DDoS Attacks

A firewall dramatically increases your website security, keeping out Distributed Denial of Service (DDoS) attacks.  A real, separate firewall is best, not one built into a plugin running on the same server as your website.

We install the best of breed Sucuri firewall on your site. This automatically blocks the bad guys before they even reach your site.  Plus it comes with a built in CDN for a dramatic speed boost!.

Block dangerous IP addresses

If you notice the same computer visiting your website over and over again, it’s most likely a hacker bot trying to gain access.  Stop them as soon as possible to avoid disaster.

Again, we block these attackers before they ever reach your website with our independent leading edge website firewall.

Stop Brute force attacks

All those failed logins in your logs?  They’re bots trying to get into your site by guessing passwords.  You need to stop them because a) they might guess correctly and b) they’re stealing your bandwidth and CPU time

With our solid security measures, this behaviour is detected and blocked automatically.

Monitor threats in Real time

Set up round-the-clock monitoring to alert you if your site goes down for any reason; failed updates, a crashing server or hacking.

Our 24-hour monitoring will alert us immediately if your site goes down and we’ll get it back up in no time.

Protect your Database

The heart of your website is the database and the most common attacks on WordPress websites are cross site scripting (XSS) attacks. They can be deadly for your site so stop them from ever reaching your database.

Our best in class Sucuri cloud firewall will block most of them from ever getting near your database

Force secure account names and passwords

Cover the basics. Don’t use a default administrator account on your site and enforce strong passwords for all users. 

WPS - We manually check your user names to make sure it’s nearly impossible for a bot to gain access through a brute force attack. We’ll also require all new users to use strong passwords.

Use a secure connection with an SSL cert (HTTPS)

Quite simply, Google and your visitors will trust you more. Your website should have one installed to encrypt traffic to and from your website.

WPS - We’ll help you set up a free SSL from LetsEncrypt or, if that’s not possible, we’ll advise you on exactly how to do it.

Scan your Plugins & Themes for integrity 

How do you know if a hacker or bot has changed any of your website files?  You need to check your theme and plugin code against known good code daily to be sure.

We do that for you every day and get alerted if something looks different to the way it should.

Check Plugins for vulnerabilities

Plugin problems are regularly found by the good WordPress guys and the not so good hackers.  You need to know these vulnerabilities as soon as possible and you need to know if any of your plugins have them.

We’ll scan your site every, single day and get alerted as soon as a vulnerability becomes known.

Improve server response time

There's not much you can do if your server is slow.  But we'll certainly help you move to a more suitable hosting plan

Evaluate Your WordPress Theme

Could your theme be doing things that slow down your site?  We'll find out and fix it

Avoid Image Hotlinking

People linking to your images mean your bandwidth is used to show content on their site.  Not nice. We'll fix that

Minimise redirects

Cut out any unnecessary hops to find the right page to load

Remember, it’s not all about scoring highly on Google’s Pagespeed Insights test. But a good score certainly doesn’t hurt! Check our plans

All of the above, plus you get a weekly or monthly report detailing all the work we’ve done on your site.

Click here to see a sample report

Why Choose WPStrands?

We never stop optimising

We don't just optimise your WordPress website and then hand it back to you. We're in this for the long term as your technical partner.  

That means we optimise your site and we keep optimising it.  We'll continuously tweak things to make sure you keep your hard-earned rankings.

A true expert partnership

We aren't some fly-by-night WordPress maintenance company made up of wannabe entrepreneurs with no technical training.  

We've been through the corporate merry-go-round and we know what it means to work professionally.