
How do we do it?
Security Solution Configuration
We install specially-designed security software that we personally use and trust. Then we configure the solution for maximum security to help keep your WordPress website safe from hackers and malware. Nobody likes a website that’s been targeted. Even more…nobody likes doing the work to keep it safe. That’s where we come in.
Let us do the hard work for only $50 per month!
WordPress Security
We perform frequent security checks and fixes to keep your site secure. Plus, we address any known vulnerabilities. For example, if a plugin or theme you are using is found to be a security risk we will update or delete it right away.
We will limit the number of failed login attempts allowed per user. If someone is trying to guess your password, they’ll get locked out after a few tries. We can even whitelist your own IP address, so you’re allowed more login attempts without getting banned.
Strong Password Enforcement
We set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to secure your site.
404 Detection
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. These are pages that do not exist on your website. We will lock out that IP address after the limit we’ve set has been reached (20 errors in 5 minutes is our default).
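The 404 lockout rule described above, as an added example (not the service's or the plugin's own code): a sliding-window count of 404 responses per IP over access-log lines, using the 20-errors-in-5-minutes default. The log lines are constructed sample data in common log format, and the allowlist parameter is an assumption modelled on the IP whitelisting mentioned for login attempts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

MAX_404S = 20                  # page default: 20 errors ...
WINDOW = timedelta(minutes=5)  # ... in 5 minutes
# Common/combined access log format: client IP, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_lockouts(lines, allowlist=frozenset(), limit=MAX_404S, window=WINDOW):
    """Return {ip: time the limit was reached}; each IP's lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps of 404s still in the window
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        ip, status = m.group(1), int(m.group(3))
        if status != 404 or ip in allowlist or ip in locked:
            continue
        ts = datetime.strptime(m.group(2), TS_FMT)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] >= window:  # drop 404s that aged out of the window
            hits.popleft()
        if len(hits) >= limit:
            locked[ip] = ts
    return locked

def sample_log():
    """Constructed sample traffic using documentation-range IPs."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset, path, status):
        stamp = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 162'
    lines = [row("198.51.100.4", 0, "/", 200)]
    # Scanner: 25 missing pages, 5 seconds apart (limit reached on the 20th).
    lines += [row("203.0.113.7", 5 * i, f"/missing-{i}", 404) for i in range(25)]
    # Broken links hit slowly: 25 misses, 30 seconds apart (max 10 per window).
    lines += [row("198.51.100.4", 30 * i, f"/old-{i}.jpg", 404) for i in range(25)]
    # Allowlisted site owner: 30 fast misses, never locked out.
    lines += [row("192.0.2.10", i, f"/draft-{i}", 404) for i in range(30)]
    return lines

if __name__ == "__main__":
    for ip, when in find_lockouts(sample_log(), allowlist={"192.0.2.10"}).items():
        print(f"lock out {ip}: limit reached at {when.isoformat()}")
```

The slow visitor stays under the limit because only 404s inside the last five minutes are counted, which is what separates a handful of broken links from a scan.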
We change the URL of your login area and admin area so attackers won’t know where to look. This feature is also great to help clients remember their login link.
Lock Out Bad Users
We’ll keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they’re on a bot blacklist. We know who they are…do you?
Away Mode
Not making changes to your site 24 hours a day? We suggest making the admin area inaccessible during specific hours so that no one else can sneak in while you’re asleep in bed or at the movies.
Want the full checklist? …okay, here you go!
- Backup your files
- Backup your database
- Remove the meta “Generator” tag
- Change the URLs for the WordPress dashboard, including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Writer header information
- Remove RSD header information
- Rename “admin” account to something else
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Remove login error messages
- Display a random version number to non administrative users anywhere version is used
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds
- Ban troublesome bots and other hosts
- Ban troublesome user agents
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Strengthen server security
- Enforce strong passwords for all accounts of a configurable minimum role
- Force SSL for admin pages (on supporting servers)
- Force SSL for any page or post (on supporting servers)
- Turn off file editing from within WordPress admin area
- Detect and block numerous attacks to your filesystem and database
- Detect bots and other attempts to search for vulnerabilities
- Monitor filesystem for unauthorized changes
- Create database backups on a customized schedule
- Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
- Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.
- Works with Apache, LiteSpeed or NGINX (NGINX will require you to manually edit your virtual host configuration)
- Disable PHP execution in Uploads
- Force users to choose a unique nickname when updating their profile or creating a new account, which prevents bots and attackers from easily harvesting users’ login usernames from the code on author pages.
- Disable a user’s author page if their post count is 0, making it harder for bots to determine usernames of users that don’t post to your site.
- If two-factor authentication is something you desire for the utmost security, we can help you with this. Just let us know.
We’re ready when you are. Secure your WordPress now!
Common Questions
What is malware and how does it affect me?
Malware is often disguised or embedded in non-malicious files, so you may not know your site is infected. Hackers use malware to gather sensitive information and get unauthorized access to your site.
Know your site is malware-free with scheduled malware scanning. The malware scanning works to analyze your site and identify malicious content, phishing software and suspicious code detected by a reliable network of antivirus engines and website scanners.
We set weekly scheduled scans of URLs and files so you know you have ongoing protection.
What happens if my site is compromised?
We will do everything within our power to clean up the site, remove defacements and track down malware. Our goal is to put the site back the way that it was as closely as possible. However, in order for us to offer this service, we require that our assigned security policies be kept intact for your protection. Any attempt to circumvent our security solution, or to disable necessary security protocols because they’re “inconvenient”, will hinder our ability to do our work properly. Not to mention your website may be vulnerable…and you may not realize it.
How long is my service term with you?
We currently require a commitment of 12 months to the service. This ensures that we are able to make necessary changes over time to protect your website, and that we will be able to notice trends in how people interact with your website. The longer you’re with us, the better the chance we have of noticing something you don’t…and taking action on your behalf.
Which version of WordPress will your service work on?
One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test our solution on the latest stable version of WordPress, and will only guarantee it works in the latest version. If you’re enrolled in our service, we’ll keep all that updated for you, so you have nothing to worry about!
Will this plugin completely stop all attacks on my site?
No. Our solution is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This service makes it a little easier for you to apply both.
Is this solution only for new WordPress installs or can I use it on existing sites, too?
Many of the changes made by this plugin are complex and can break existing sites. While iThemes Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.
Will this work on all servers and hosts?
Our WordPress security solution requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While the security service should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that we make a backup of your site before installing on any existing site.
If we run out of resources during an operation such as renaming your database table, we may need your backup to be able to restore access to your site. Finally, please make sure you have adequate RAM if planning to use the file change detector or make large backups.
What do you need from me?
In most cases, we only need your WordPress login and FTP access. In some extreme cases, we may require control panel access to your hosting account (cPanel, Plesk, etc.) and possibly SSH access. At this time, we only support Linux-hosted WordPress installations.
Where can I get help if something goes wrong?
Official support is available for Ashworth Consulting customers currently subscribed to our service. Our team of experts is ready to help. To access support, please visit the client area to create a support ticket.