WordPress Website Security

Protecting Your Site - Your Business - Your Clients


A Must See Video – 5 Minutes to Save Thousands

The map above shows real attacks happening to WordPress sites.  At the time of measurement there were 12,282 attacks per minute (map only shows 4% of these attacks).  The graph below  depicts the attacks measured over a 24 hour time period.

Note: The attacks identified above were all stopped by the security utility we subscribe to. It does not measure all of the millions of other attacks to unprotected sites.

Request a FREE Security Analysis of your Site.

FREE Analysis

OTSEO Security II

The purpose of this plan is to provide an up-to-date website environment that is secure from aggressive hacking attempts, while providing regular backups and quick restores in the event that the security scans identify an intrusion.  Most small to midsize businesses find this level of protection perfect for their needs.

Don’t Become a Statistic

“On average 30,000 sites are hacked each day.”

Get OTSEO Secure Now!

Defend your site from attacks you never knew existed

Direct Login Attacks

We limit the number of failed login attempts allowed per user. If someone is trying to guess your password, they’ll get locked out after a few tries.

Block Bad Users

Filters will be put in place to keep bad users and website scanners away from your WordPress site.  If we detect too many failed login attempts, too many page requests in too short of a time period, or if the access point is blacklisted, the system will throttle their access and/or block them completely.

Component Updates

Because WordPress is modular by design, there are many separate parts that need regular maintenance.  Hackers use these out-dated components to gain back-door access to a website. We will perform monthly updates to the CMS, Themes, plugins and utilities that become out-dated.

File Change Detection

If someone does manage to break into your site, they will probably add, change or remove a file. We will be alerted as soon as this happens giving us the best chance to repair the damage.

Scheduled Backups

We will perform regular database & full-site backups which are then stored securely in an off-site backup stash.

Robot Scanners Detection

If a robot (automated program) is scanning your site for vulnerabilities, it will generate a lot of low-level system errors. OTSEO Security will detect this activity and lock out the robot at its origin.

Here’s How It Works

  • Lock-Down website

    • Setup initial security protocol & standards with client
    • Remove weaknesses and strengthen WordPress structure
    • Setup security utilities and scanners
  • Backup

    1. Instillation of Backup and Recovery utility
    2. Weekly backup of the WP Database
    3. Monthly backup of the Full Website
    4. Storage of all backups on the Cloud (OTSEO Stash)
  • Routine Maintenance

    1. Monthly update of WordPress Version
    2. Monthly update of WP Theme
    3. Monthly update of all Plugins and Utilities
    4. Monthly scrubbing of all known issues reported by scanners
  • Monitor & Respond

    1. Daily scans for malware and/or attempted break-ins
    2. Lock-out visitors / crawlers attempting to break-in
    3. Monthly monitoring of Webmaster “Crawl Errors”
    4. Monthly monitoring of Webmaster “Security Issues”
  • Recovery

    If a hack is detected we will:

    • Attempt to identify entry point and seal it
    • Repair and recover the website
    • Assign all new security credentials

COST:  $195 Initial Setup + $65 per month

Get OTSEO Secure Now!

Have Questions?

No – OTSEO Security II  is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack.

No – WordPress sites make up the majority of our client base and we have the most experience with this CMS (Content Management System).

In most cases, On-Target SEO will receive notification the day of the hack.  We will immediately lock-down the site, change passwords, and work to isolate the affected areas.  If however, the hacker successfully built a back-door into your site, we will need to manually remove the malware, restore the site and potentially move to a new server.

This protection and maintenance plan provides for two (2) hours per year for malware removal and website restoration efforts.  For complex cases or larger sites, more time may be required which is billed at $100 per hour.

Absolutely – The first line of defense is a strong login ID and Password.  We never recommend using “Admin” as a login, and for the same reason, make sure all of your LoginID’s are more complexed than just your first or last name.  Likewise, your password should be complexed too.  The more complexed you make your Password the better off you will be.  We recommend 12 digits with a combination of letter, numbers and special characters.