What happens

When you sign up

Below you will find the steps we take after a scan has revealed potential vulnerabilities in your WordPress site.

1. Communication

First we talk with you about the scan results for your WordPress site, identifying the site’s problems and or vulnerabilities. We then ask for access to the site so we can get started fixing the problems.

Ideally, we would like all access details including; FTP, MySQL (PHPMyAdmin), WordPress logins, SSH (if possible). However the minimum access we need is as an administrator to the WordPress backend (URL, Login, Password).

Don’t email your passwords! For security reasons we don’t recommend sending these details by email. To leave us your details please go to:

Protect my site

We understand that you may prefer to communicate this information over the phone, if so please contact us on:

03 353 2770

2. Creation of site backups

Next we take a backup of the site and verify that it is a working backup. This is a crucial step: when we update or fix the website, we’ll make changes to the WordPress code. If anything goes wrong during this phase, we can easily restore the site from this backup.

This is a good time to review the backup policies of your web host. It should be robust, and easy to retrieve a backup.

3. Updating to the most up-to-date versions

This is where we update the core WordPress software to the most recent version. Then we start updating all plug-ins and the theme within the website. After each update we will test the site to make sure that everything is working correctly.

As part of this process we will also delete any unnecessary themes and plug-ins, as these may be used to hide malicious code that could be hacker back doors.

4. Checking for malicious software

We will scan your web sites files for known malicious scripts. We will document and remove any we find from the website.

This level of scanning requires that we have SSH level access to your WordPress site.

5. Set up long term protection

There are two parts to ensuring long-term protection: beefing up the protection of your website, and ensuring that your web hosting is hardened against hacker attacks.

WordPress Protection

We will install plug-ins to protect your site from potential threats in the future, this protection includes:

  • Enforcing strong passwords
  • Two factor authentication (if required)
  • 404 detection/protection
  • Admin away mode
  • IP Blacklist
  • Brute force protect
  • File change detection
  • Hide WP Login
  • Restrict login to specific countries
  • Malware scan
  • Disable PHP in uploads directory

Ensure your website is hosted safely

Lastly, we have to talk about your hosting environment. Even if we do everything possible to protect your WordPress website, hackers can still get in if the web hosting is compromised.

These are the questions you’ll have to consider:

  • Is the web server hardened against hackers?
  • If a hacker gains access to somebody else’s unprotected website on the same server, can they break into your website?
  • Is data backed up around the clock, stored off-site, and available on short notice?
  • Can your website be switch over to another facility in another town when natural disaster strikes?

If you have any concerns about the hosting of your website, we can help you with robust, secure website hosting.

In addition to hosting your site on a protected web server, we will also add your site to our automatic update console, which will keep your site up to date with any future core WordPress or plug-in updates.

The next step is in your hands

To leave us your details please go to:

Protect my site

Or call us on:

03 353 2770

About us

20+ years experience

Protect WordPress is a service offering from Wired Internet Group, a web design and development company, based in Christchurch, New Zealand.

Wired Internet Group is an industry leader in website design, usability, development, and implementation. Creating unique, functional websites for more than 20 years.

Find out more