WordPress Security Services
WordPress Security for New Websites
For every new WordPress website we build, we include a security checklist for WordPress which includes the following:
- WordFence Security Plugin – Firewall, Malware scanning, and login security features
- Each new plugin checked to make sure it is updated often and highly rated
- Prevent directory browsing
- Protect wp-config.php file
- Protect .htaccess files
- Disable default theme editor (allows administrators and anyone who gains access to your site to edit theme code)
- Prevent File Execution in uploads directory
- Automated backups (we recommend offsite backups)
- Remove unused themes and plugins
- Check PHP version
- Contact form spam prevention (re-captcha or alternative)
- Login security captcha or 2FA
Hacked WordPress Websites
You may not be able to tell if your WordPress site has been hacked. Here are some things that we look for when checking if the site is hacked:
- Files in the root directory that are not included in the WordPress Core
- PHP files in Media Library folders
- Spammy looking search results for your website
- Your website mysteriously redirects to a contest website, but it doesn’t do this all the time
- Slow website
- Unknown user accounts
- Malware shows in malware scanning tools
- Plugin files don’t match files in WordPress plugin directory
- The hacker has edited your website content to say that they’ve hacked it.
- Your domain has been blacklisted or Google shows a warning in search results for your site
- Code in wp-config.php that doesn’t belong there
We Fix Hacked WordPress Sites
If your site has been hacked, and even if you can no longer gain access to your WordPress admin, we may be able to help restore your site and reputation. Our hacked site restoration service includes:
- Regaining access to WordPress
- Removing malware
- Identifying security vulnerabilities
- Plugin replacement (for insecure plugins)
- Password changing: WordPress Admin, Hosting, Database, FTP, cPanel
- Secure hosting recommendations and migration support
- Restoring domain reputation and blacklist removal (after fixing the site)
- Hack prevention (our WP security checklist above)
We follow standard methods for restoring WordPress recommended by WordPress.org.
Why you should care about WordPress security?
If your website is insecure, you could run into a variety of issues. For example, malware on your website could infect your computer. You could be infected by ransomware that demands payment for restoring the site. Hackers could hijack your online payment systems and direct payments to their own accounts. Your site could also be used as a tool to infect other websites.
If you’re still using an insecure password or a password that you’ve used on another website, your site could still be hacked. The WordFence plugin that we install for clients checks for passwords that have been breached and prevents you from creating insecure passwords. It also offers 2 Factor Authentication, one of the safest ways to login to your website.
Use this website to check if your password has been exposed in data breaches: Have I Been Pwned
Secure WordPress Hosting Plans
If it’s a good fit for your website, we can help you find a WordPress hosting plan that includes security features, smart auto-updates, automated backups, SSL certificates, and support. Our recommended web hosting company will help you if your website is hacked, rather than shutting your website down without warning.