Hacking Prevention

WordPress security

Your Best Defence Against Being Hacked

The world wide web can be a dangerous world to play in. Your website – like any other online software – is subjected to frequent attacks from hackers around the globe. Even small websites with low traffic volumes are targeted. And it makes little difference which website software you’re using; they’re all vulnerable to being exploited by hackers. The good news is that you can drastically reduce your vulnerability footprint with a little care and attention. That’s why we’ve created our WordPress Security Plan.

Prevention is better than cure. For WordPress users, this means you need to keep your website software – WordPress, themes, plugins – up to date. Our WordPress Security Plan is where we proactively manage this process for you on an ongoing basis. By staying up to date, you vastly minimise the likelihood of your WordPress website being hacked. While no one can guarantee 100% security, the alternative – ignoring your website updates – will mean that your website will become an attractive target for hackers.

For anyone subscribed to our WordPress Security Plan (or any of our other Digital Marketing Plans), this is how we minimise your chances of being hacked:

  1. Maintain your website software (WordPress, pluginsA and themeA files) so that it is current and up to dateB
  2. Take regular manual backups of your website and database and store them on our local server
  3. Install an additional layer of security that will actively monitor your WordPress website and protect it from known threats
  4. Remove and – where possible – replace plugins that have been discontinued by their developers, or that are known to have security vulnerabilities
  5. Migrate to the latest stable PHP version (where your website software will support it). This offers better security as well as a faster loading website

A. Commercial/subscription based plugins and themes may require additional fees to maintain current versions.
B. On rare occasions conflicts and incompatibilities arise through the process of updating WordPress, plugins and themes. Where this occurs, we will give you the option of either:

  • Reverting to the previous version of the affected software. This option is covered under this Security Plan; or
  • Developing a fix or workaround to eliminate the conflict and restore full functionality. This option will incur development charges not included under this Security Plan.

We have two tiers in our WordPress Security Plan:

  • Standard: suitable for small-medium brochure websites
  • Advanced: suitable for ecommerce (including Woocommerce) and sites with third-party integrations

Please contact us for current pricing.

If your website gets hacked, your search engine rankings can be affected. Google will warn its users if they’re visiting a site known to be infected with malware. Even after you’ve cleaned your website, it can take some time for Google to respond accordingly. The time it takes to undo the damage caused by hackers will mean a hit to your pocket and your online reputation.

Additionally, we – like any web host worth their salt – will take your website offline in the event of your site being hacked. This is to protect the other users of our web server. This is because in severe cases, one bad apple can spoil the whole barrel.

Maintaining and protecting your WordPress website cannot 100% guarantee you remain hack-free – nothing can – but it is by far your best option. Our proactive WordPress Security Plan will certainly minimise your vulnerability footprint.

No. Web hosting is just that – providing a place to keep (host) your website files. No web host in the world includes a proactive security service as part of their standard web hosting contract.

When we build a website, it is launched with the latest, most up to date WordPress software, themes and plugins available. This makes the website secure at that point in time.

However, vulnerabilities — weak points where hackers may break in — are not known until they are discovered (naturally enough). No one can foresee what vulnerabilities will eventuate in future. This means that while your website is secure at the time of launch, it will not always be so. It’s inevitable that, over time, vulnerabilities will be found in any web application.

Many business owners – innocently enough – set-and-forget their WordPress website, and assume that their website will remain safe for all-time. The fact is, like any other website system (or software in general), things change. Security holes are discovered and patched regularly. You really do need to stay on top of things.

An SSL certificate provides protection for your website visitors so that when they’re interacting with your website, their private data cannot be stolen by malevolent forces at play on the world wide web. It is an essential component to any website these days. However it won’t prevent your website from being hacked by the aforementioned malevolent forces.

Since 2017, SSL certificates are a free inclusion when your website is hosted with Hart Design. Most web hosts like to offer this as an added extra at around $170 per year. Ours are free.

Be familiar with change.

Things change fast in the website game. Usually, WordPress vulnerabilities are discovered and patched quickly by the good guys, before the bad guys learn of them and attempt to exploit newly discovered website weaknesses. On rare occasions this happens the other way around, which provides a much more challenging situation for affected WordPress website owners.

As each update is released – WordPress core software, third party plugins, themes, PHP versions – this creates change. Most often, updates run smoothly. However, on occasion, a change to one software may cause a conflict with another. This situation becomes more prevalent the more time passes. When a conflict happens, additional development will be required to rectify the problem.

Nothing lasts forever.

WordPress itself isn’t going anywhere; it’s loved and supported by 100s of dedicated developers around the world. That’s why we love it, too. Over time (years, not months), WordPress may see fit to revolutionise their core software, which may make a simple update impractical. At that point, a rebuild may be advisable.

Third party WordPress plugins may not be supported indefinitely by those who build them. Some are neglected for years. Some become known as security swiss cheese with no patches available. We are very picky when it comes to choosing plugins from respected developers in the community. But where a plugin is abandoned, it should be deleted and replaced quick-smart.

Themes (the building blocks for your website look and feel) may not be supported forever, either. Again, we choose themes from reliable and renowned developers with a good track record. When a theme is no longer supported by its developer, it’s advisable to change it out for a contemporary alternative.

We’ll say it again – no one can assure you will be 100% hack-free. However, this plan will mean that your vulnerability is drastically reduced. And if the worst should happen, the repair job is usually much easier and with less downtime.

View also: Web Hosting ⟶

One-time Security Update

Want a one-time security update?

No problem, we can help. As we’ve said above, running a one-off update is not as safe as subscribing to our WordPress Security Plan, where your website is regularly tended to as and when required. However, it is certainly a must-do if/when security issues become known.

Have your WordPress website secured ASAP

Please Note:

The costs for a one-off security update can vary from one website to another. Please contact us and we will be able to provide a quote for our assistance.

How quickly we can perform a one-off WordPress security update will depend on our workflow at any given time. Clients on a WordPress Security Plan are prioritised over casual customers.

WordPress Security Summary

Can WordPress be hacked?

Yes it can. The fact is, any website software is subject to attack from hackers. Certain older versions of WordPress are known to have severe security issues. The current version of WordPress is secure, but there is no guarantee that security flaws will not be discovered in future.

How can I protect my WordPress website from hackers?

Your best form of defence against being hacked is to keep your WordPress website up to date. Make sure you are on top of the latest WordPress updates, including theme and plugin updates. There are other more advanced methods of protecting your website that a professional developer can assist you with.

How do I fix a hacked WordPress website?

Updating WordPress and its plugins after the fact may not be enough. You should contact a professional website developer who is experienced with WordPress. They will be able to clean your website and identify the weakness that allowed your site to be hacked in the first place.

Shouldn’t my web host stop my website from being hacked?

Not unless you are paying them for some kind of protection plan. Most web hosts are not web designers and so they will not touch your website. The fact is your website is your responsibility. You should either manage your website security yourself or have a website professional to help you.