DEFEND YOUR SITE FROM ATTACKS YOU NEVER KNEW EXISTED.
As hacks and security breaches become more of a concern for anyone running a WordPress website, it’s important to have someone who can take care of your website security and maintenance.
Thousands of websites are hacked every day. WordPress sites are easy target for attacks because of many obvious reasons like plugin vulnerabilities, weak passwords, and outdated version of the framework itself. Most of the WordPress admins don’t even realize that they’re vulnerable and leave their websites without giving it the security measures and tools that it requires.
Website security is a complicated subject, and you don’t want to go at it alone, especially if you’re not quite sure how everything works. WordPromise provides instant support, so you know our team is ready to help you when you need it.
Your website backups are scheduled and saved on our secure cloud storage. We can also save them on your server as required along with our cloud. In case a restoration is required, a backup will always be available to get restored.
Our monitoring team will keep a check on various hacking attempts in real-time through scanning tools, automated monitoring logs and APIs. Our experts are immediately notified of a possible security threat and respond quickly for appropriate actions based on the threat level.
Our experts will configure your security to block suspicious traffic and activities away from your site. This includes banning the bad hosts, preventing the brute force attacks, hitting multiple 404 error pages and setting up away mode so that there is no access to admin panel in non-business hours.
We perform daily cleaning of table overhead in your WordPress database to keep your website running at top speed. Our team secures your database from SQL injection attacks, which add unwanted content through the database. This is one of the common website attack methods by the bad elements. We also make sure the default prefix or default admin ID are changed.
With WordPress two-factor authentication, users are required to enter both a password and a secondary code sent to a mobile device or email ID. Both the password and the code are required to successfully log in to a user account. Two-factor authentication adds an extra layer of WordPress security to verify it’s YOU who is trying logging in.
We protect your site against attackers that try to randomly guess login details to your site. If anyone has unlimited time and wanted to try an unlimited number of password combinations to get into your site, they eventually would, right? This feature will ban the host user from attempting to log in again after the specified bad login threshold has been reached.
Your website is automatically scanned daily for known and new malware, malicious code and potential backdoors. If the scans find any compromised file, our team will repair immediately. We use Sucuri SiteCheck to power the WordPress malware scan and configure the system so that we receive a notification email if a problem is found and we can act immediately.
We configure various core level security checks like making sure there is no publicly available logs, no public PHP info files, filtration of suspicious Query Strings in the URL, Non-English Characters and Long URL Strings. These activities are essential to avoid any instance of a breach in the default setup of WordPress framework.
We make sure that only utilized themes and plugins are installed. We verify if they are updated & actively maintained. This includes the inspection of high-risk themes and plugins. The theme and plugin integrity checks are important to make sure website functionalities are not disrupted because of outdated functions. We shall also notify if there is a high-risk plugin with a fix patch available from the author.
We set/force strong passwords for high level user’s roles on your website such as admins, editors etc. Strong password enforcement is one of the best ways to lock down WordPress. We usually define a password expiry as well, which normally require a collaboration to fix the expiry duration.
We will support in the installation of an SSL certificate. Your URL will start with https, all the data on your site will be encrypted, and your visitors will feel secure. You will need to buy the SSL certificate, though.
404 detection assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and our security settings shall lock them out according to the severity of the number of 404 hits.
We prevent public access to important system files such as wp-config.php and .htaccess file. These files can give away important information on your site, which can expose the website. We make sure there are appropriate permissions are established to the core files. We also prevent users from seeing a list of files in a directory when no index file is present.
We will setup the firewall smartly to block traffic from specific locations or IPs. If someone tries to access your dashboard or files more than once, we’ll lock out their IP address. IP address or host can be banned in various situations like 404 detection, known IPs, bad logins, default admin login etc.
We will check and remove junk comments on a weekly basis and keep your website and dashboard uncluttered. It also makes sure that there is no junk data in your database and database remain optimized.
We will create security procedures for unknown/unauthorized devices, along with Session Hijacking protection and lock down the access to your WordPress website and protect it from compromises to user logins.
We shall set up a system to assess the security of all your WordPress user accounts at one time and act on them if needed. User-level security is essential for protecting your WordPress sites.
If you want, we can change your WordPress dashboard login URL from /wp-admin to /your-own-url. That way, bots and hackers can’t find your login page so easily. However, with their security processes, this is not absolutely important but a good to have measure.
We scan your website daily for any links on the website to suspicious content or broken pages. We’ll make appropriate modifications and adjust the link accordingly.
You will receive a detailed report every month with all the activities and items performed during the audit. This includes any failed item which require your attention and a follow-up. Also, WordPromise WordPress Plugin will be installed on your website so that you get direct feeds and reports from WordPromise System.
You will get a comprehensive report of your website’s vulnerabilities and fixes every month. This report will include all the tasks performed during the audit. You will get all feeds from our system to your website dashboard once you have our plugin installed. Providing monthly report doesn’t really mean that we monitor or review your website once in a month, rather, it is a continuous daily event. We maintain a log of all activities and submit once in a month.
We’re available via email (support@wordpromise.com), Support Ticket Dashboard to answer your questions and troubleshoot any issue.
Your information and logins details are completely safe with us. WordPromise enforce the stringent data policy for all its users. We do not share any private data at any cost.
We always ensure a prior backup before any scheduled activity from WordPromise. There are no chances of data loss, as all our activities are fully backed by data backup strategy.
We’re not very enthusiast for one-time audits. Further, we believe in long term alliances by considering the fact that any WordPress website security is an ongoing process and it require a technical partner to frequently monitor all the technical indicators to keep the websites faster and secure. Plus, when it comes to security and website speed, one-time changes are simply not effective.
There are questions that are asked by new customers pretty often, so we’ve put together a list of Frequently Asked Questions (FAQs) to help answer some of your initial questions.
If you don’t find an answer to your questions through these FAQs, please reach out to our support staff, and we will get an answer out to you quickly.
