
Content management systems such as WordPress are constantly scrutinized by hackers. They look for a vulnerability that lets them hijack the site, either to attack other websites or simply to put spam on your website. Sometimes even all of the above. Good WordPress Security takes a lot of work: monitoring your website, preventing brute force password attacks, and keeping out spam and malware injections. That is not an easy task, not even with existing plugins and scripts. But no worries. Let us take care of it while you do what you do best.

Prevention

Besides backing up your website, which is great prevention, there are a number of WordPress Security prevention tools that we use. We use state-of-the-art security plugins such as Wordfence and/or iThemes Security to monitor your website. We use iThemes Sync for general monitoring. In certain cases we use .htaccess authentication to block brute force access.

If we manage the server for you, we go even further. We implement server-level security such as Fail2Ban, configure iptables firewall rules, and harden file and folder rights and permissions. We also use the Bedrock WordPress Boilerplate for better password security and webroot isolation.

WordPress Security Plugins

These plugins, Wordfence and iThemes Security, help us deal with all kinds of issues that could occur. They are great plugins by great companies, with free versions as well as premium ones. They help us with:

iThemes Security is great for us as we can integrate it with iThemes Sync, which we use for general monitoring and updates as well.

Bedrock WordPress Boilerplate

We use Bedrock, a modern WordPress stack. We use it for our managed WordPress sites, as it does not work well on shared hosting sites. It is a boilerplate or WordPress stack that organizes your WordPress installation in a more logical way. Bedrock does plugin, theme and core management with Composer. WordPress Security wise it does the following:

Two tweaks that can make all the difference for your website.

Monitoring

As mentioned, we use iThemes Sync Pro for monitoring all our clients’ websites. It is an online panel provided by iThemes that allows us to monitor several things that matter. It monitors uptime as well as plugin, theme and WordPress updates. It also integrates fully with iThemes Security to show us what is happening on the security side of things.


Trellis Secure WordPress Server

At a server level we also take care of security. This again is the case when we do full server management. In that case we always use Trellis. It is an awesome Ansible playbook that runs local, staging and production environments all in one, with hardened WordPress Security. It adds the following components to make your server more secure:

Often this security is solid enough to even go without the earlier mentioned security plugins.