Chicago + Portland   877-899-9981

We are excited to offer our first annual Digital Growth Impact Grant. Are you a non-profit who could use some digital help? Learn more about our pro bono services and how to apply!

WordPress Update & Security Service

Cybersecurity breaches can lead to identity theft, lost revenue, denial of service attacks DDoS, and many other horrible outcomes. Safely serving your website and keeping it up to date is the responsibility of all businesses.

Security is a necessity

Security breaches have increased by 11% since 2018 and 67% since 2014.

Best Practices

It’s important to keep people that don’t belong from gaining access to your website and file system. Additionally, keeping your site online during an attack. We have a checklist of common settings that wards off attacks and keeps your website as safe as possible.

Image demonstrating security

Security Plugins

Implementing WordPress security best practices requires additional security plugins. Plugins that force you to follow best practices, like two-step authentication, HTTPS/SSL, file permissions, password complexity, and others. They also protect you from brute force attacks. 

Severe Vulnerabilities

You are busy and might not have time to review and react when a vulnerability is found. We monitor vulnerability announcements for all code and plugins used by our clients so that severe vulnerabilities can be patched as quickly as possible.

WordPress Core Updates

The main software platform officially released by WordPress is updated on a regular basis. These updates include usability improvements, security patches, and performance boosts. It’s important to stay on the latest version.

Plugin Updates

The WordPress plugin directory contains 55,000+ plugins. Some WordPress installations have over 20+ plugins installed. Any one of those could have a vulnerability and if it isn’t updated, your site could be at risk. 

Proactive Process

The wait and see plan isn’t good enough, security should be an important part of being a good digital citizen. Sites we manage are updated monthly, saved safely in source control (SCM), and tested by a human.

Our Process: Step by Step

Audit

Sites go through our security assessment and problem areas are cataloged and prioritized. From there we can build a plan to fix the issues.

Monitor

We watch vulnerability databases and install security plugins that provide essential customizations and auditing ability.

Patch

Software is patched monthly and settings are reviewed. After code is updated on a staging server, we have our team review the changes and update the live site.

Communicate

Monthly reports are sent to each of our customers notifying them that we have completed the updates and if any issues were found.

Frequently asked questions

How secure are WordPress sites?

WordPress isn’t hardened by default. Working with someone that doesn’t take security seriously might leave it that way. This doesn’t make WordPress insecure, most platforms are not entirely secure out of the box. Security starts with code and also involves your web server, password policies and best practice adoption (like two-factor authentication). With the right configuration, your website can be secure.

What if updating WordPress and plugins breaks my website?

Simple answer… Fix it. The cost of fixing code that is broken due to an upgrade is far cheaper than dealing with any kind of security issue. If you are at a point where you can no longer update your website because of breaking changes in your code, this is not where you want to be. Even if a plugin needs to be entirely replaced, it’s still a good idea.  

Why should I update my WordPress plugins?

If too much time goes on before updating your WordPress plugins, you might be at significant risk. Once a vulnerability is found, it becomes pubic knowledge. Hackers can easily exploit sites that don’t maintain their plugins with nasty attacks using Cross-Site Scripting (XSS), SQL injection, code injection or other attacks all designed to cause you havoc.

What should I do to keep my WordPress website secure?

Securing WordPress should be approached from the code, the server, and the configuration. At a minimum you should:

NOTE: If PCI or PII information is stored on your website there are additional steps that should be taken.

I don’t want to think about security should I just use Drupal or something?

Someone managing your site should focus on security. Weak security practices and bad code affects Drupal the same amount as WordPress. There is no such thing as a secure platform that does everything out of the box. In case you haven’t heard about Drupalgeddon2, a bug in Drupal allows remote attackers without special roles or permissions to take complete control of Drupal 6, 7, and 8 sites.

How are you notified about a security vulnerability?

New vulnerabilities are discovered all the time, either you or your agency should subscribe to a vulnerability database like WPScan. With a subscription, you can get real-time notifications when vulnerabilities are found. Our team knows the plugins used on each site that we’ve built and for customers that are using our WordPress update service they get their site patched quickly afterward.

Talk to Jesse

Would you like us to assess your website security?

We’d be happy to create a game plan for keeping your site secure.