WordPress Website Security Service

Can you afford to have your website down for days, if not weeks because your website has been hacked?

We are here to protect your website from hackers and malicious actors. 

About This Service

  • This is a once-off service
  • You must provide us with access to your web hosting control panel such as cPanel or KonsoleH
  • The turnaround is 15 working days.
  • We have been securing WordPress websites since 2014
  • It excludes multi-sites. Please enquire.
  • We only work on Linux-hosted websites

Who Will Benefit?

  • Those with websites and does not know whether their website(s) are up to date.
  • Those who want a more affordable alternatve to secure their website(s)
  • Those who run critical mission websites such as online stores and cannot afford a hacked website
  • Those who don't want to lose their reputation due to a hacked website showing unpleasant content

Update WordPress

WordPress will be updated to the latest version.

Update Plugins

Plugins will be updated

Update the Theme

The theme will be updated, if need be.

Implement Firewall

Implementing a firewall is one of the best ways to keep hackers out. This include effective blocking options to keep suspicious traffic away from your website.

2-Factor Authentication

2-factor authentication prevents any would-be hackers from gaining access to your site through means of brute force attacks.

Check Folder & File Permissions

Incorrect file and folder permissions can cause errors on your WordPress site during upload.

Disable PHP File Execution

Disabling PHP execution in certain WordPress folders prevents an attack or compromise from taking place because PHP cannot be executed at all.

Enforce Strong Passwords

WordPress will be toughened up by enforcing strong passwords for the database and Administrators for improved security.

Lock Out Certain Usernames

We have a ready made list of usernames which are used by hackers an malicious actors. Those are added to the security to block login attempts immediately.

Brute Force Protection

A Brute Force Attack consists of a large amount of repeated and automated attempts at guessing your username and password to gain access to your website.

Implement SSL Certificate

Your web address will start with https which will protect data that is transmitted between a computer and the server. The data will be encrypted.

Check PHP Version

Outdated PHP versions with vulnerabilities will open your website to hackers. Having the latest version of PHP on your website will result in performance improvements.

Limit Login Attempts

Login attempts will be limited to four for either an invalid username or password. Thereafter, the individual will be blocked for a certain time.

Block Malicious Bots

Google bots crawl websites with good intentions. Other bots crawl with nefarious intentions which must be blocked since they can overload your website.

Delete Unnecessary Themes

Themes which are not utilised will be deleted. Only two themes will remain, the active theme and a default WordPress theme.

Delete Deactivated Plugins

We will delete plugins which have been deactivated since it can pose a security risk. The client must indicate beforehand which deactivate plugins must not be deleted.

Run a Security Scan

A security scan will be run on the website. Ay issue flagged by the savn will be raised with the client, if the issue is not within the scope of this Wordress Security Service.

Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files. In the wrong hands, this feature can be a security risk.

Change Database Prefix

By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is

Password Protect WordPress Admin

Hackers can request your wp-admin folder and login page without any restriction. This allows them to try their hacking tricks or run DDoS attacks.

Disable Directory Indexing & Browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.

Disable XML-RPC in WordPress

XML-RPC was enabled by default in WordPress 3.5 because it helps connecting your WordPress site with web and mobile apps. Because of its powerful nature, XML-RPC can significantly amplify the brute-force attacks.

Automatically Log Out Idle Users

Logged in users can sometimes wander away from screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.

Order Service