Disinfection
Once we have access to your website and server, and information from you about the problem, we will:
- Take a full site backup before we make any changes
- Visually inspect the site’s codebase (the collection of files on the server) – we will look at key files (.htaccess, wp-config) to check for anomalies, and look for other files that look out of place
- Check your user accounts for any administrator accounts that you didn’t create
- Review your site’s theme and plugins to see what’s out-of-date, and whether they contain any known vulnerabilities – we will then update to the latest versions, as well as removing any unnecessary plugins and themes
Hardening
Once a site has been disinfected, it’s important to keep it clean! Our hardening service will:
- Install a firewall plugin (if you don’t have one already) and check it’s correctly configured
- If appropriate, install an additional layer of login security (called Htpassword) which will stop hackers even getting to your WordPress login screen
- Make it harder for hackers to access key files on your server
- Disable any elements of WordPress that are not needed (XMLRPC, the WordPress theme editor)
- Audit your users to make sure they have strong passwords and appropriate permissions
At the end of this process you will get a full report itemising what we found and what steps we took.