WordPress isn’t hardened by default, and working with someone who doesn’t take security seriously might leave it that way. This doesn’t make WordPress insecure; most platforms are not entirely secure out of the box. Security starts with the code and also involves your web server, your password policies and the adoption of best practices (like two-factor authentication). With the right configuration, your website can be secure.
Simple answer… Fix it. The cost of fixing code that is broken by an upgrade is far lower than the cost of dealing with any kind of security issue. If you have reached a point where you can no longer update your website because of breaking changes in your code, you are not where you want to be. Even if a plugin needs to be replaced entirely, it is still the right thing to do.
If too much time passes before you update your WordPress plugins, you may be at significant risk. Once a vulnerability is found, it becomes public knowledge. Attackers can easily exploit sites that don’t maintain their plugins, using Cross-Site Scripting (XSS), SQL injection, code injection or other attacks, all designed to cause you havoc.
Securing WordPress should be approached from the code, the server, and the configuration. At a minimum you should:
- Host the website on a secure web server over HTTPS
- Follow WordPress hardening practices
- Enforce secure password requirements
- Enable Two-Step Authentication
NOTE: If PCI or PII information is stored on your website, there are additional steps that should be taken.
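As an added example of the "enforce secure password requirements" item (not code from the original page), here is a small must-use plugin that rejects weak passwords on profile updates, admin-created users and password resets using WordPress's own `user_profile_update_errors` and `validate_password_reset` hooks. The 14-character minimum and the complexity rules are this example's assumed policy, not a WordPress default.

```php
<?php
/**
 * Plugin Name: Minimum Password Policy (example)
 * Description: Rejects weak passwords on profile updates, admin-created users and resets.
 * Place this file in wp-content/mu-plugins/ so it loads on every request.
 */

// Assumed policy: at least 14 characters, mixed case, a digit and a symbol.
// These thresholds are this example's choice, not a WordPress default.
const EXAMPLE_MIN_PASSWORD_LENGTH = 14;

/**
 * Return an error message if $password fails the policy, otherwise null.
 */
function example_password_policy_error( string $password ): ?string {
    if ( strlen( $password ) < EXAMPLE_MIN_PASSWORD_LENGTH ) {
        return sprintf( 'Password must be at least %d characters long.', EXAMPLE_MIN_PASSWORD_LENGTH );
    }
    if ( ! preg_match( '/[a-z]/', $password ) || ! preg_match( '/[A-Z]/', $password ) ) {
        return 'Password must contain both upper-case and lower-case letters.';
    }
    if ( ! preg_match( '/\d/', $password ) ) {
        return 'Password must contain a digit.';
    }
    if ( ! preg_match( '/[^A-Za-z0-9]/', $password ) ) {
        return 'Password must contain a symbol.';
    }
    return null;
}

// Profile edits and users created from wp-admin: if a new password was
// submitted, edit_user() places it in $user->user_pass before this hook fires.
add_action( 'user_profile_update_errors', function ( WP_Error $errors, bool $update, stdClass $user ) {
    if ( empty( $user->user_pass ) ) {
        return; // No password change requested.
    }
    $message = example_password_policy_error( $user->user_pass );
    if ( null !== $message ) {
        $errors->add( 'weak_password', $message );
    }
}, 10, 3 );

// Password reset form (wp-login.php?action=rp): the candidate password is in $_POST['pass1'].
// Adding an error here stops WordPress from calling reset_password().
add_action( 'validate_password_reset', function ( WP_Error $errors, $user ) {
    if ( ! isset( $_POST['pass1'] ) ) {
        return;
    }
    $message = example_password_policy_error( wp_unslash( $_POST['pass1'] ) );
    if ( null !== $message ) {
        $errors->add( 'weak_password', $message );
    }
}, 10, 2 );
```

Front-end registration or checkout forms provided by other plugins have their own validation hooks and are not covered by these two actions.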
Whoever manages your site should focus on security. Weak security practices and bad code affect Drupal just as much as WordPress. There is no such thing as a secure platform that does everything out of the box. In case you haven’t heard about Drupalgeddon2, a bug in Drupal allowed remote attackers without special roles or permissions to take complete control of Drupal 6, 7, and 8 sites.
New vulnerabilities are discovered all the time, so either you or your agency should subscribe to a vulnerability database like WPScan. With a subscription, you get real-time notifications when vulnerabilities are found. Our team knows the plugins used on each site we’ve built, and customers using our WordPress update service get their site patched quickly after a vulnerability is announced.