Website Security & Maintenance
Vital protection for all online business
A vulnerable site is bad for business
Protect your business and customers
If you have a website and you don’t have an experienced team ensuring it is safe, secure and well maintained then you risk service and revenue loss.
By engaging us as your maintenance and support team you ensure that you are protecting yourself from web bugs, hacks, and embarrassing downtime.
With us on call you can rest assured that your website is functioning at the peak level your business requires.
We take care of the security and maintenance so you can take care of your core business.
- Financial penalties resulting from lost trade, lost visitor trust and from legal actions (GDPR)
- Search Engine penalties will result in lost traffic, and lower trust rating
- Your site will be placed on a blacklist so your site and email will be blocked by clients
- Illegal content will be served from your site (porn, malware, and more) putting you in legal jeopardy
- Your visitors and customer computers will be targeted and infected from your site
- Your reputation will be tarnished and trust in your competence will be lost
- You may be the victim of ransomware, where attackers destroy your data unless you pay
You need to ensure your website code is up to date, well maintained and secure so that you are not an easy target, and if you have problems they are swiftly resolved. Otherwise you run the risk of great financial and business costs restoring your standing.
Who is at risk, and why?
is compromised. Their profitability relies on you not discovering their presence and they will make sure your website looks normal, but you
is mysteriously slow. In the background they are making use of your
computing power for their own ends.
Who gets targeted?
Every website is targeted. The initial process is an automatic scan probing for weakness in your defenses. It's a mistake to think you are not a target. Smaller companies present a better target than larger businesses with dedicated in-house security teams. Attackers are looking for any site which appears vulnerable.
One of our clients said that the Google results for their website looked odd and contained text about bitcoin, but when they looked at their site it all seemed fine. Our investigation found that the site was compromised three years earlier and was hosting a range of illegal services including pornography, spam services and bitcoin mining software. We were tasked with cleaning the infected site, a complex job as every database, file and image had been corrupted. We accomplished this task in 5 working days, but the cost to the client was far greater than our time.
You need to ensure your website code is up to date, well maintained and secure so that you are not an easy target, and if you have problems they are swiftly resolved before they escalate to the levels detailed above. Otherwise you run the risk of great financial cost and potential ruin.
Attacker motivations and methods
Why Do Attackers “hack” websites? 98% of “hacked” websites are compromised for profit.
For example: a common reason is to place Crypto-currency mining software on your server (think of Bitcoin). From then on your website will generate sums ranging from as small as $5.80 up to $350 per day for the attacker, but you can see even the smallest amount scaled across 1,000 compromised websites can give an attacker an automated wage of $5800 every day!
So they aim to put their software on as many websites as possible, and yours could be next if you haven’t taken the requisite steps.
Why would they choose your site? Attackers look to build a network of compromised sites. They want to use all those sites as a network for delivering illegal content. They don’t care what your business is, only that you have a website which they can use.
If your site contains a security or maintenance vulnerability you will be added to the target list. Your site will be targeted and potentially infected with malware which will hide itself from your staff, but will serve whatever content the attacker wishes.
Protect yourself with our help
We are specialists in WordPress Website Maintenance. We have spent over 15 years creating and maintaining sites for businesses and organisations who rely on us to keep their sites up and running. When you need somebody to call to address urgent concerns about your website being hacked or defaced, we know how to help.
Our preventative maintenance and security contracts are designed to give you peace of mind, so you can rest assured that your website is securely working for you.
1 Make sure your website is secure and well maintained
A maintenance contract ensures that pre-emptive actions are taken at regular intervals to ensure that protection is in place for your web-facing business.
You need a web professional team to analyse, track and take regular pre-emptive actions to secure your site against ongoing attacks before they become a problem. Also a security expert must be on hand to lock down any ongoing attacks.
You need to authorise maintenance actions including off-site backups to be made in case of disaster, for those backups to be reinstated if required, and for 3rd party “plugins” which are used on your site to be updated where applicable to improve functional speed and security.
2 What is covered when we look after your website?
The provision is a preventative measure against attack, user error or server failure, but security is a preventative and never a guarantee.
Our services are equivalent to employing a real-world maintenance and security firm who will monitor your business premises and apply industry standard security protocols, with the aim of keeping your site clean, efficient and secure.
We endeavour to use our years of applied specialised skills to keep your website secure, stable and competitive. We help you prevent disaster and will assist you back onto your feet if the worst happens.
3 Disaster Recovery
In the case of a website which goes offline, shows unexpected text, or shows a white-screen (blank page) we are there to help. Sometimes you may find that your website appears fine, but your listing in search engines contains unrelated terms. It may be that your website displays correctly but includes text or images which you did not add.
Often this is due to your website or web server being hacked. Even with the best security-locks in place if a hacker finds a key then your door is open.
In these cases we provide immediate advice and will take control of the situation. We lock down the server and perform actions to scrub the infection. We examine offline files to detect the earliest intrusion, and we check security advisories for the best preventatives. We reinstate your site with new passwords and all threats removed in the fastest possible time.
4 Routine tasks covered by this agreement
Routine maintenance tasks
These tasks include
- Installation and management of dedicated security tools and logging software to aid our task of securing and monitoring your site traffic.
- Every month your site’s database, text, images, code and content will be backed up to an off-site location in case of a hack or server incident.
- All 3rd party code which has available updates will be tested for compatibility on a remote server and if tests pass it will be updated to improve function and security.
- We test this code which provides core functionality such as forms, contact data, image galleries, light-boxes, layout, etc. on a development server to ensure nothing breaks, and if the tests pass it is integrated into your live site.
- An additional backup is taken at this point.
- Rolling back and repairing any errors which may have been accidentally triggered by the client.
- Access logs are analysed for slow points, and actions taken to speed the site – this may require a replacement of one functional “plugin” for another, and this requires testing.
Routine Security tasks
These tasks include
- Applying security patches to protect against newly discovered attacks known to security researchers
- Analysing newly popular attack vectors (in web security publications) and investigating and implementing any required protection.
- Monthly integrity check of all files to detect attack vectors and initial intrusion attempts
- Analysing logs to see what attempts are being made and implementing the appropriate protections and blocks to prevent access, or to corral the attempts.
- Trace and block attacker IP addresses and greylist or blacklist offending originating servers
- Updating all core and 3rd party “plugin” software which has a security advisory update.
What is not covered by this service
The addition of new website features is not covered by the umbrella of maintenance and security. Content-editing is also not covered by maintenance and security. Sometimes web visitors or site owners may have problems with their home or office email, or they may have issues with internet connectivity – this service does not cover these issues.
In the cases where the web hosting or email services are operated by a 3rd party supplier and the web hosting or web email is non-functional (meaning the server itself is unresponsive) we cannot take actions to remedy the situation because we may not have the authoritative access to the required control panels and functions to repair a server in these cases.
In cases where we supply hosting we can offer increased support in cases where there are problems with the web server and web email.
5 Web Hosting Access Requirements
To perform maintenance and security actions we need full access to your website control panel provided by your web host, access to your databases and access to FTP. In addition
Benefits of Hosting with Pheriche
If your web site is hosted via Pheriche we can offer additional maintenance and cover including:
- Nightly backups for instant recovery of the site as it was 24 hours earlier
- Optional instant roll-back to the previous week’s backup
- Backups stored on a remote secure server
- Free SSL certificates to improve security between the server and the client (“Padlock” in web browser)
- Speed and security improvements using world leading “CloudFlare” technology
- Server technology which is tested as 86% faster than competing technology (PHP 7.2 delivered on a Litespeed licensed server)
- Many more speed and security benefits
6 Variation, Overspill, and Additional Hours
If a situation arises which requires additional hours to fix which extend beyond the agreed 16 hour retainer then we will liaise with you for the best possible outcome for your business.
For example: If at the 10 month mark (10 hours of contract) your site suffers a hack attack and your site requires rebuilding from the off-site backups this will require a clean install of the site, an analysis of the backups, and an audit of any potentially compromised logins as well as potential vectors including server code, plug-ins, add-ons and partners.
A place-holder would be put in place as the site is reinstated and the security team liaise with your office. If the site is under persistent hack attack additional security action may be required which could require additional hours, causing an over-run outside of the retainer contract.
We will advise and aim to deliver a quick resolution if such a case ever did occur. Our aim would always be to re-instate and secure your site as a priority. We undertake to resolve such issues with the understanding that the over-run cost of additional work would be invoiced and paid as such after the fact.