The topic of WordPress site security looms large for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week. While the WordPress core software is very secure and is audited regularly by hundreds of developers, DigitalWires goes the extra mile (and more) to keep your site secure.
1. The default installation of WordPress creates the administrator account (the highest, most powerful, user of the site) username as “admin”. Hackers know this. We immediately change that to a cryptic username like “jiet7467th46”
2. We use a 14-character long password containing upper and lowercase letters, symbols and numbers (such as v23dsnFy@hXTBR)
3. The default URL for your WordPress admin site is https://www.yourdomain.com/wp-admin. Again, hackers know this. We create a custom URL unique to your website that would be very difficult for hackers to find.
4. We employ Google reCAPTCHA for the WordPress login screen along with Pwned Password protection that protects your site against password leak attacks. This blocks logins from users using a known compromised password that exists in database breach records. We also use Forced Password Reset to force users to change their password upon next login if there is a security breach.
5. We install Defender Pro which limits the number of consecutive failed logins within an hour.
6. We can install Two Factor Authentication (2FA) so that users are required to enter a password and an app-generated passcode using their phone – the best protection against brute force attacks.
7. We install WordFence – the top security plugin currently available for WordPress. And, just as importantly, we monitor the results daily.
8. Our Website Security and Maintenance Plan includes an additional daily scan for viruses and malware from Defender Pro.
9. The Website Security and Maintenance Plan also automatically updates your WordPress theme and all plugins to be sure they are the latest version to avoid security holes in older versions.
10. Your website is backed up daily both on and off-site – for additional security.
11. We utilize a Content Delivery Network (CDN) from Cloudflare for an additional layer of security and also for fast loading of your website.
12. Your site is hosted on a Virtual Private Server with a dedicated IP address and Web Application Firewall (WAF). The WAF filters incoming requests against a highly optimized managed ruleset to block hackers and bot attacks before they reach your site.
13. We employ a real-time website monitoring system from Alerta to ping our server every 5 minutes, so we know immediately if there is trouble. You can check out uptime – anytime – by using this link: Alertra Uptime