About Maintenance and Security

If you have a wordpress business website and are worried about maintenance, security and updates

We are specialists in WordPress Website Maintenance. With over 15 years of creating and maintaining sites for businesses and organisations who rely on us to keep their site up and running. When you need somebody to call to address urgent concerns about your website being hacked, or defaced – we know how to help.

Our preventative maintenance and security contracts are designed to give you peace of mind, so you can rest assured that your website is securely working for you.

1 Make sure your website is secure and well maintained

A maintenance contract ensures that pre-emptive actions are taken at regular intervals to ensure that protection is in place for your web-facing business.

You need a web professional team to analyse, track and take regular pre-emptive actions to secure your site against ongoing attacks before they become a problem. Also a security expert must be on hand to lock down any ongoing attacks.
You need to authorise maintenance actions including off-site backups to be made in case of disaster, for those backups to be reinstated if required, and for 3rd party “plugins” which are used on your site to be updated where applicable to improve functional speed and security.

2 What is covered when we look after your website?

The provision is an preventative measure against attack, user error or server failure, but security is a preventative and never a guarantee.

Our services are equivalent to employing a real-world maintenance and security firm who will monitor your business premises and apply industry standard security protocols, with the aim of keeping your site clean, efficient and secure.

We endeavour to use our years of applied specialised skills to keep your website secure, stable and competitive. We help you prevent disaster and will assist you back onto your feet the worst happens.

3 Disaster Recovery

In the case of a website which goes offline, shows unexpected text, or shows a white-screen (blank page) we are there to help. Sometimes you may find that your website appears fine, but your listing in search engines contains unrelated terms. It may be that your website displays correctly but includes text or images which you did not add.

Often this is due to your website or web server being hacked. Even with the best security-locks in place if a hacker finds a key then your door is open.

In these cases we provide immediate advice and will take control of the situation. We lock down the server and perform actions to scrub the infection. We examine offline files to detect the earliest intrusion, and we check security advisories for the best preventatives. We reinstate your site with new passwords and all threats removed in the fastest possible time.

4 Routine tasks covered by this agreement

Routine maintenance tasks

These tasks include
  • Installation and management of dedicated security tools and logging software to aid our task of securing and monitoring your site traffic.
  • Every month your site’s database, text, images, code and content will be backed up to an off-site location in case of a hack or server incident.
  • All 3rd party code which has available updates will be tested for compatibility on a remote server and if tests pass it will be updated to improve function and security.
  • We test this code which provides core functionality such as forms, contact data, image galleries, light-boxes, layout, etc. on a development server to ensure nothing breaks, and if the tests pass it is integrated into your live site.
  • An additional backup is taken at this point.
  • Rolling back and repairing any errors which may have been accidentally triggered by the client.
  • Access logs are analysed for slow points, and actions taken to speed the site – this may require a replacement of one functional “plugin” for another, and this requires testing.

Routine Security tasks

These tasks include
  • Applying security patches to protect against newly discovered attacks known to security researchers
  • Analysing newly popular attack vectors (in web security publications) and investigating and implementing any required protection.
  • Monthly integrity check of all files to detect attack vectors and initial intrusion attempts
  • Analysing logs to see what attempts are being made and implementing the appropriate protections and blocks to prevent access, or to coral the attempts.
  • Trace and block attacker IP addresses and greylist or blacklist offending originating servers
  • Updating all core and 3rd party “plugin” software which has an security advisory update.

What is not covered by this service

The addition of new website features is not covered by the umbrella of maintenance and security, additionally content-editing is not covered by maintenance and security.Sometimes web visitors or site owners may have problems with their home or office email, or they may have issues with internet connectivity – this service does not cover these issues.

In the cases where the web hosting or email services are operated by a 3rd party supplier and the web hosting or web email is non-functional (meaning the server itself is unresponsive) we cannot take actions to remedy the situation because we may not have the authoritative access to the required control panels and functions to repair a server in these cases.

In cases where we supply hosting we can offer increased support in cases where there are problems with the web server and web email.

5 Web Hosting Access Requirements

To perform maintenance and security actions we need full access to your website control panel provided by your web host, access to your databases and access to FTP. In addition

Benefits of Hosting with Pheriche

  • If your web site is hosted via Pheriche we can offer additional maintenance and cover including
  • Nightly backups for instant recovery of the site as it was 24 hours earlier
  • Optional instant roll-back to the previous week’s backup
  • Backups stored on a remote secure server
  • Free SSL certificates to improve security between the server and the client (“Padlock” in webbrowser)
  • Speed and security improvements using world leading “CloudFlare” technology
  • Server technology which is tested as 86% faster than competing technology (PHP 7.2 delivered on a Litespeed licensed server)
  • Many more speed and security benefits

6 Variation, Overspill, and Additional Hours

If a situation arises which requires additional hours to fix which extend beyond the agreed 16 hour retainer then we will liaise with you for the best possible outcome for your business.
For example: If at the 10 month mark (10 hours of contract) your site suffers a hack attack and your site requires rebuilding from the off-site backups this will require a clean install of the site, an analysis of the backups, and an audit of any potentially compromised logins as well as potential vectors including server code, plug-ins, add-ons and partners.

A place-holder would be put in place as the site is reinstated and the security team liaise with your office. If the site is under persistent hack attack additional security action may be required which could additional hours, causing an over-run outside of the retainer contract.

We will advise and aim to deliver a quick resolution if such a case ever did occur. Our aim would always be to re-instate and secure your site as a priority. We undertake to resolve such issues with the understanding that the over-run cost of additional work would be invoiced and paid as such after the fact.

Find out more about how we can help You

Get in touch with us and find out how we can help support your business.