Protecting your site

Web Security is built-in, not an afterthought

When we build your website, we take into consideration every facet of the platform, so it’s extendable, robust, and focused on performance. Security and maintenance are at its base, not an afterthought.


Security begins with a hardening process. When we build your site, we lock down file permissions and access rights, addressing the ways hackers get into a site. Running Open Source platforms like WordPress require maintenance and vigilance, and we make improvements continually.

Multiple levels of protection, alert mechanisms, industry best practices and continual maintenance keep your site up and running.

After your site goes live, we manage a suite of security plugins that protect you from brute-force attacks, malware, and malicious code. These range from free plug-ins to paid versions, which we suggest, relative to your needs.

Two Levels of Protection

It’s important to note that there are two levels of common protection we offer. At the Server level, we rely on our web hosts to offer protections and cures, in the event of an issue.

Often, it’s on the web developer to actually set up these services, and if the client does not specify a need, these simple protections are not put in place. It takes time and effort to perform and manage these services. Make sure it’s getting done for your site.

The second is the Admin level. That’s where we use the platform to ensure we’ve enabled security plugins and backup when we build your site and then maintain it.

We manage this in monthly maintenance fees and encourage you to be aware of the need and level of service you are receiving. This is where most relationships between a web developer and the client break apart.

Backup and Recovery

Site backup and recovery is another subject to discuss. If a site is hacked, we have several options to correct and the most important question is, how quickly can we restore your site.

The first option is to correct the issue. This can be time intensive. The tools we use can be upgraded to their paid versions, when and if they are needed. Other clients run paid versions from the moment they’re launched.

The second option is to restore a previous backup to your site. We recommend a backup schedule that sets how often we create a backup point and how long we keep them. After a restoration, we still need to be vigilant and scan for file changes and intrusion.

The third option is a site rebuild. This might sound like a lot of work, but often, it’s the simplest solution. We can recreate an existing site rather quickly and implement stronger protections from the start.

Which security plugins should we upgrade?

JetPackImprove your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing. By Automattic, the team who brought us WordPress.

SolidWPReduce your WordPress website’s risk to nearly zero with Solid Security. Password, Two Factor Authentication, and Brute Force Protection.

SucuriClean and Protect Your Website Fast. Restore your peace of mind by securing your websites with our cloud-based website security platform and experienced security analysts. Features include site auditing, malware scanner, security hardening, and hack restoration. Recently acquired by GoDaddy.

WordfenceMake security a priority with Wordfence. Firewall, Malware Scanner, Two Factor Authentication and Comprehensive Security Features, powered by our 24 hour team. We’ve used Wordfence to secure and monitor our sites for over 10 years.

If you have a web security solution you believe in, please share it with us.