Imagine a web of ultra-secure WordPress websites. We do.
This checklist will show how we make your site more secure than 99% of sites out there.
Here's how we take your WordPress website into the top 1% of secure sites
from this (oh dear!)
to this (nice!)
The very first thing we do when we connect to your website is to take that all-important backup. That way if anything goes wrong or if you don't like what we do we can get back to where we started with just a few clicks.
Next, we'll run your site through blacklist tests and security scans to see if there are any major problems. We'll then manually check it using our own security checklist and note everything we find.
3. Get to work
This is where the technical magic happens.
Every site is different but we typically do most of the optimisations you see listed below.
At this point your site is already much more secure but we don't stop there. Our plans include constant monitoring and we continuously tweak your site so keep it rock solidly protected.
During these steps we'll contact you with our questions and our further recommendations. We usually have some customised suggestions related to the security of your specific site.
The final decision about your website, though, is always yours.
Free premium extras with our plans
Our Entrepreneur and Business plans include extra rock-solid protection with these extra premium services from one of the most respected names in online security, Sucuri, at no extra cost to you!
Sucuri's best of breed website firewall application is a separate application that filters your website traffic, stopping anything dangerous before it even reaches your site. Protects against DDoS attacks, filters fake bot traffic and simply blocks the bad guys before their traffic even reaches your site. It even includes a lightning-fast CDN that we set up for you for FREE (usually $120 p.a.)
Some Optimisations We Do
Daily Cloud Backups
We save your WordPress files, plugins, themes and database to our secure Amazon S3 servers in the cloud. Every day.
Install Updates Regularly
We apply the latest WordPress core, theme and plugin fixes and security patches to your site every Monday.
Daily Malware Scans
We run daily scans against the best malware databases and alert you immediately if anything unusual is discovered. We’ll also repair the infected files for you.
Install a Firewall to Block DDoS Attacks
A firewall dramatically increases your website security, keeping out Distributed Denial of Service (DDoS) attacks. A real, separate firewall is best, not one built into a plugin running on the same server as your website.
We install the best of breed Sucuri firewall on your site. This automatically blocks the bad guys before they even reach your site. Plus it comes with a built in CDN for a dramatic speed boost!.
Block dangerous IP addresses
If you notice the same computer visiting your website over and over again, it’s most likely a hacker bot trying to gain access. Stop them as soon as possible to avoid disaster.
Again, we block these attackers before they ever reach your website with our independent leading edge website firewall.
Stop Brute force attacks
All those failed logins in your logs? They’re bots trying to get into your site by guessing passwords. You need to stop them because a) they might guess correctly and b) they’re stealing your bandwidth and CPU time
With our solid security measures, this behaviour is detected and blocked automatically.
Monitor threats in Real time
Set up round-the-clock monitoring to alert you if your site goes down for any reason; failed updates, a crashing server or hacking.
Our 24-hour monitoring will alert us immediately if your site goes down and we’ll get it back up in no time.
Protect your Database
The heart of your website is the database and the most common attacks on WordPress websites are cross site scripting (XSS) attacks. They can be deadly for your site so stop them from ever reaching your database.
Our best in class Sucuri cloud firewall will block most of them from ever getting near your database
Force secure account names and passwords
Cover the basics. Don’t use a default administrator account on your site and enforce strong passwords for all users.
WPS - We manually check your user names to make sure it’s nearly impossible for a bot to gain access through a brute force attack. We’ll also require all new users to use strong passwords.
Use a secure connection with an SSL cert (HTTPS)
Quite simply, Google and your visitors will trust you more. Your website should have one installed to encrypt traffic to and from your website.
WPS - We’ll help you set up a free SSL from LetsEncrypt or, if that’s not possible, we’ll advise you on exactly how to do it.
Scan your Plugins & Themes for integrity
How do you know if a hacker or bot has changed any of your website files? You need to check your theme and plugin code against known good code daily to be sure.
We do that for you every day and get alerted if something looks different to the way it should.
Check Plugins for vulnerabilities
Plugin problems are regularly found by the good WordPress guys and the not so good hackers. You need to know these vulnerabilities as soon as possible and you need to know if any of your plugins have them.
We’ll scan your site every, single day and get alerted as soon as a vulnerability becomes known.
Improve server response time
There's not much you can do if your server is slow. But we'll certainly help you move to a more suitable hosting plan
Evaluate Your WordPress Theme
Could your theme be doing things that slow down your site? We'll find out and fix it
Avoid Image Hotlinking
People linking to your images mean your bandwidth is used to show content on their site. Not nice. We'll fix that
Cut out any unnecessary hops to find the right page to load
Remember, it’s not all about scoring highly on Google’s Pagespeed Insights test. But a good score certainly doesn’t hurt! Check our plans
All of the above, plus you get a weekly or monthly report detailing all the work we’ve done on your site.
Click here to see a sample report
Why Choose WPStrands?
We never stop optimising
We don't just optimise your WordPress website and then hand it back to you. We're in this for the long term as your technical partner.
That means we optimise your site and we keep optimising it. We'll continuously tweak things to make sure you keep your hard-earned rankings.
A true expert partnership
We aren't some fly-by-night WordPress maintenance company made up of wannabe entrepreneurs with no technical training.
We've been through the corporate merry-go-round and we know what it means to work professionally.