Malware removal & hack cleanups
The cost of one-off WordPress hack remediation can be pretty steep, but we offer malware removal services to our clients at a reasonable charge.
Prevent hackers and malicious scripts from infiltrating your WordPress website with a CloudProxy Firewall — included with every WP Site Care Pro plan.
Spam isn’t just annoying — it can damage your site’s credibility and put site visitors at risk for phishing, scams, and malware. We help prevent malicious spam attacks against your WordPress site.
SSL certificates & forcing HTTPS
These days, a secure site connection is non-negotiable. An SSL certificate and forcing HTTPS prevents phishing, encrypts personal data, and ensures safe transactions. We can take care of the entire process for you.
We prevent brute-force login attempts by blocking automated hacker bots, limiting login attempts, implementing two-factor authentication, auditing user accounts with admin access, and whitelisting logins for selected IP addresses.
The security of your WordPress site is only as strong as your weakest user password. We make sure your site is enforcing strong password hygiene for all site users, and also enable two-factor authentication for additional security.
DDoS attack mitigation
Denial of Service attacks are a site owner’s worst nightmare — they cause lengthy downtime resulting in revenue loss and major headaches. Our firewall can block layer 3, 4, and 7 DDoS attacks.
WordPress Security Threats
As a website owner, WordPress security should be at the top of your mind. While the core WordPress software is incredibly secure and well-maintained, the widespread popularity and open-source nature of WordPress makes plugins, themes, and scripts a major target for hackers. Here are the most common WordPress security threats to watch out for:
1. Brute-force login attempts
Brute-force login attempts are designed to gain access to your site by guessing user passwords. One common brute-force tactic is a dictionary attack, which is an automated script that makes thousands or even millions of login attempts using username and password combinations generated from predefined patterns (for example: unicorn1, unicorn2019, unicorn42, etc). While strong password hygiene provides a fantastic first line of defense against these attacks, the truth is that even complex passwords can eventually be guessed through a persistent dictionary attack. That’s why it’s important for WordPress site owners to limit login attempts, implement two-factor authentication, and use a firewall with built-in brute force prevention.
2. DDoS attacks
A distributed denial of service (DDoS) attack is a coordinated effort to bring a site down by overwhelming the server with more traffic than it can handle. The debilitating amount of traffic is generated by a network of IP addresses from computers across the globe that hackers have gained access to without the knowledge of the machine owners. DDoS attacks are one of the hardest cyber attacks to prevent and track, but their impact can be mitigated through the use of a firewall.
Backdoors are any type of code that allows hackers to bypass security encryption and gain access to your WordPress site. Backdoors are typically caused by vulnerabilities in software and scripts that are outdated or buggy. They are usually disguised as seemingly legitimate files or innocent bits of code, which allows them to fly under the radar and provide an entryway into a site for other malware attacks. The best way to detect and prevent backdoor attacks is by installing a firewall, setting up malware monitoring, keeping up with regular site software updates, enabling two-factor authentication, and restricting administrative access.
4. Pharma hacks
Pharma hacks are an SEO spam scheme in which vulnerabilities in outdated WordPress software are exploited and injected with coding that causes sketchy pharmaceutical ads to appear whenever the compromised site appears in search engine results. It’s not uncommon for search engines to block sites that are unknowingly distributing pharma hack spam. The simplest way to prevent pharma hacks is to keep your WordPress core, theme, and plugin software up to date.
5. SQL injections
SQL injections are a cyber attack in which hackers insert malicious code into a WordPress SQL database through a website’s forms (i.e. contact forms, newsletter sign-up form, site search bars, etc). There are two types of SQL injections. A classic SQL injection can result in the return of sensitive information from inside of the database, while a blind SQL injection can be used to run code within the database and wreak havoc from the inside. The best way to prevent SQL injections is to install a firewall, make sure you update your site software regularly, and only choose plugins and themes from trusted, reliable sources.
6. Malicious redirects
Malicious redirects use backdoors in vulnerable WordPress sites to redirect traffic to a nefarious website with the intention of garnering ad impressions or, in more extreme cases, exploiting site visitors and installing malware on unprotected devices. A firewall and 24/7 malware monitoring will help you secure your WordPress site and protect your site visitors.
7. Cross-site scripting attacks
Cross-site scripting (XSS) attacks are caused by security vulnerabilities that allow malicious code to be injected into otherwise trusted WordPress websites and plugins. This malicious code, typically manifesting as a browser side script, allows attackers to extract cookie and session data from other site visitors without them realizing it. An XSS vulnerability is the most common type of vulnerability found in WordPress plugins, which is why it’s so important to choose trusted, reputable plugins.