WordPress Security & Disaster Recovery

Overview

We are pleased to partner with you on your WordPress website’s security management needs. We’d like to ensure you that our team takes your website’s integrity serious. We follow a rigorous process for disaster recovery in the event an unfortunate situation occurs. Our team follows a 7-step process for disaster recovery and it is listed below:

  1. Preparation
  2. Detection
  3. Containment
  4. Investigation
  5. Remediation
  6. Recovery
  7. Retrospective

We monitor your website, scan for malware, back up your website and are ready to take action if an intrusion or malware event arises. In order to get started we have a short onboarding that will allow our team to setup and protect your website.

Setup & Onboarding

Our team works with you to ensure you have a sound internal security process for all administrators, editors, and website business users. If we identify any opportunities to increase security we will provide recommendations. Our team will need the following in order to setup your security monitoring services:

  1. Your Information Technology(IT) department’s point of contact phone & email address
  2. Name of your Virus/Endpoint security provider (Bitdefender, Sophos, etc.)
  3. Name of your password management software
  4. Access to your Domain Registrar (GoDaddy, Google, etc.)
  5. Access to your Content Delivery Network(CDN) (Cloudflare, etc.)
  6. Administrative access to your web hosting provider (WPEngine, etc.)
  7. Administrative account creation in your WordPress website

We will let you know what email address to use as the primary security administrator for access, etc. After successful setup and access, we begin our 7-Step process.

Preparation

We setup and configure your website for enhanced security. We scan, secure and harden your website so that we protect your business from malware, viruses, etc. We configure Two-Factor Authentication(2FA), firewall protection, and setup notifications to manage your site around the clock. Our team will create off-site backups to decouple your site’s backups so that we reduce risk and create data redundancy. We will setup a 15 day off-site rolling backups to protect your website’s data.

Detection

Our team runs frequent malware scans to detect and notify our team of any unusual behavior on your website. Our security experts monitor the industry for any plugins or WordPress core builds that have known or new vulnerabilities. If we identify anything unusual, we will immediately take preventative measures to contain and defend your website, user accounts, and website integrity.

Containment

We follow our internal processes to scan, capture, and isolate and/or mitigate risks associated with an event. Our team will review logs and will take the appropriate actions to reduce recovery time based on the severity of the event. The goal is to identify the area in which the website was compromised as quickly as possible and investigate further for cascading artifacts.

Investigation

Our WordPress security team will investigate the root cause and document the event and share findings for future security planning and hardening of your website. We will also make security recommendations to administrators and other website users as needed. Our team will coordinate with stakeholders if an event appears to be related to their user passwords, etc. We will collect physical and/or digital evidence as required.

Remediation

Our WordPress security team will repair affected plugins, core files, etc. We will communicate with stakeholders and affected parties on next steps to take. We will confirm that the threat has been contained and will create a post-incident report if warranted.

Recovery

The security team will determine if recovery from backups are required. If required, we will assess the impact of restoring the most recent website backup and will coordinate as needed on the site restore. Upon restoring previous backup we will perform a routine scan to ensure that the restored website is clean and malware free.

Retrospective

Our team is comprised of Agile practitioners and we believe in continuous process improvement we welcome open and honest feedback with our team members and clients. We document our retrospectives so that we can continuously strengthen our team and improve ourselves 1% at a time.

Summary

We look forward to collaborating with you as your extended IT department focused on website security and integrity management.