Audits
A thorough appraisal of the current state of your WordPress website. Gain insights on how to improve with our list of recommended actions.
Security
Watch what our client Michelle says about her experience hiring us to secure a hacked WordPress site:
A hole in security at the website level can cancel out all of the nice sounding protections provided by your hosting and DNS.
The fact is, a WordPress website is the weakest point these days.
WordPress itself, is fairly secure (sort of), but the huge ecosystem of WordPress is a double-edged sword.
Those wonderful plugins and themes all bring with them potential vulnerabilities.
“Oh, I know just the fix”, you say, as you install the do-it-all security plugin.
Hold on though, you’re installing another plugin to fix the issue brought on by plugins. Let’s think about this.
Every addon to your site increases what is known as “attack surface area”. That means that you are adding to the probability that you will have a vulnerability, not decreasing it.
On top of that, the big name security plugins leave much to be desired, and their marketing can be misleading. In fact, Security researchers show that WordPress Security Plugins are “failing entirely and even the most effective plugins failing to identify significant vulnerabilities” [1]. We know this because we see it almost every time we do an audit. Someone will have a big-name security plugin installed and think that the security checkbox is checked, when in fact it’s not the case.
We offer a better approach to this game of plugin whack-a-mole.
We realize that every WordPress site is unique and has its own set of security challenges. With our specialized WordPress security audit, work and monitoring we can help you avoid a potentially embarrassing and costly security situation.
We can even work within the constraints of modern WP hosting providers, by finding creative security solutions.
Get a hold of us today to schedule your security audit. We will do a thorough check of your site, and provide you with a full report along with a list of recommendations.
[1] MURPHY, Daniel T.; et al.; “Plugins to detect vulnerable plugins: An empirical assessment of the security scanner plugins for wordpress”. In: 2021 IEEE/ACIS 19th International Conference on Software Engineering Research, Management and Applications (SERA). IEEE, 2021. S. 39-44.
F.A.Q.
What do I need to provide for my security audit?
For WordPress security audits, we’ve streamlined the process with a simple form. Our priority is to handle your sensitive information with the utmost care, ensuring it’s collected only when necessary and transmitted securely.
If we store your sensitive info, it will be done so only in encrypted cold storage.
How long does it take?
Most of our WordPress security audits are completed within a week, ensuring a swift and efficient review of your site’s security posture. However, the duration can vary for some websites, depending on their current state and specific complexities. Throughout the process we’re committed to thoroughness and communication.