Security

Site Already Hacked?

I have successfully recovered many hacked WordPress sites. I also can fix situations where your site has been flagged by Google for “mal-ware” and warns visitors away from your site. Lost access to your WordPress Dashboard – also referred to as “white screen of death” – I can fix that too.

Backup + Security Hardening Programs for WordPress Web Sites

Backup, vulnerability scanning, security hardening and hacker recovery programs can be tailored to meet the needs of your web site. We provide a Free Evaluation of your site and will suggest the course of action that best suits your needs. In most cases, all the Program Components listed below can be provided at a package price of $295 per site. The package price can be reduced for sites not needing one or more of the components, such as sites already having backup protection or sites that do not allow comments.

Program Components

Scheduled Automatic Backup:

  • Install the Backup Buddy Backup tool, a premium WordPress plug-in
  • Install license
  • Run first full backup
  • Configure tool to run full backups of all web site files & database on a periodic basis. Backups will be stored locally on your server.

Security Scanning:

  • Install selected security scanning plug-ins
  • Run plug-ins to identify site vulnerabilities to mal-ware
  • Run security scan on entire file system – finds “backdoor scripts”, threat files and modifications to WordPress Core.
  • Delete or treat any mal-ware found
  • Update vulnerable software to most current version to reduce risk of further infection

Scanning also identifies mal-ware that has already infected a site, but is not visible to users of the site.

Security Access Hardening:

  • Evaluate existing passwords and user names for security issues
  • Make suggestions for modification of user names and passwords to make breaking into your website exponentially more difficult for hackers
  • Evaluate key web site configuration files for appropriate file permission levels
  • Change file permissions on files found to be too open to outside access
  • Install Authorization Keys in the WordPress configuration file if they don’t exist. Change the keys in the file if the site has already been hacked.

Plug-in, Theme and WordPress Version Evaluation:

Older versions of WordPress plug-ins can cause access points for hackers. We evaluate plug-ins used on your site for known problems.

  • Update active plug-ins to current versions
  • Evaluate active plug-ins to determine if the plug-in developer continues to maintain the software. Make suggestions for replacement plug-ins for any software that hasn’t been maintained for over a year.
  • Evaluate theme for current version status
  • Notify customer if theme is out of date. This program DOES NOT automatically update your theme because of the possibility that previous customizations made to the theme could be lost. If the theme is out of date, the customer may decide whether further work should be done to achieve a current version.
  • Evaluate whether WordPress needs to be updated to the current version. This may require matching plug-in and theme updates. In some instances, this step can change the appearance of your site. If this happens, the web site will be returned to the original version by restoring the backup created in the Backup component, above. In this case, you will receive an estimate of how much work is required to achieve current version status.

In some instances of sites that were developed years ago, then not maintained, the WordPress version is drastically out of date. Updating can cause plug-in & theme incompatibility. In this case, the customer receives an estimate of how much work is required to achieve current version status.

Every attempt will be made to successfully upgrade WordPress site components to current versions within the scope of this program.

Comments Update

  • Clear spam out of comments
  • Close comments on older posts to avoid new spam
  • Sites receiving a very high level of spam will receive recommendations for future mitigation

 

Notes:

If the site is found to already have been hacked, repairs may exceed the scope of this project. If this is the case, the client will receive a level of effort before any more work is done.

This program does everything that it can to protect your site, but cannot protect you from unwise practices by you or your employees, such as logging into your sites on insecure public wi-fi networks (e.g. coffee shops), or sharing password information without care.

Complete site evaluations require access to your administrative account on WordPress -AND- the administrative account at your web site hosting provider.

Sites that have already been hacked and have had all the data deleted or compromised can be very difficult to restore, especially if you do not have backup data. In this case, we can evaluate the level of effort & cost to rebuild your site. We can also help with re-establishing a connection with your web site host and/or domain registrar if you have lost access. These types of tasks are outside of the Backup & Security Hardening program and will be quoted with an estimated level of effort & hourly rate.

Program Details

Payments for this program may be made by business check or PayPal. Payments can be made up front, or with 50% payment to begin and the remainder to be paid on completion. Clients will be supplied with a detailed scope of work & simple consulting services contract. Work begins upon receipt of the first payment & with the receipt of the necessary administrative login information described above. Duration of the project is typically less than five business days.

More questions? Please email.