An SSL certificate creates an encrypted connection between your website and the user who is accessing it. It used to be that only websites processing credit card information were required to have an SSL certificate, and technically, that’s still the case.
However, Google has been pushing hard for all websites to have an SSL certificate. How can Google pressure you into having an SSL? For starters, in 2014 they announced they would be giving prefernce in search results to websites with an SSL installed.
We back up your site each and every night, making sure that your important data is safe and secure. You can revert to a previous version in the event that you made a change that broke the site, or for any other reason.
It’s important to note that not all backups are created equal!
First, if your site is backed up to your web server and your web server is hacked or crashes, your backup will be lost. Our backups are stored offsite on a completely different set of servers than the ones that host your live site.
Second, some backups are only configured to capture site files and not the site database. To do a complete site restore, you need everything in your WordPress folder including all uploaded files (/wp-content/uploads), as well as the site’s database.
How often are files backed up and how long are they stored?
We back up files nightly. Backups are stored for 30 days (or the 30 most recent backups if manual backups are created), after which they are deleted permanently. If you’d like to have access to a backup for longer than 30 days after its creation, we recommend you download a copy.
What data is backed up?
We back up everything in your WordPress folder, including all uploaded files (/wp-content/uploads) as well as the site’s database.
Where do you store backups?
Backups are stored offsite on a completely different set of servers than your live site.
Can I have a zip file backup of my site?
Yes absolutly! Just send us an email or give us a call and we will provide you with a link to download a backup.
How do I restore a backup?
Just send us an email or give us a call and we can restore a backup from the previous 30 days for you.
We consider keeping your site safe our responsibility. If your site is hacked on our watch we will removal the malware for free. Here are the details on how we keep your site safe:
WordPress core files are locked down
One of the great things about WordPress is that everything is built around the same core software. This allows plugin and theme authors to create awesome tools and designs that can be used by anybody running WordPress.
One of the not-so-great things about WordPress is that the common core used by millions of sites can allow the quick spread of infectioin and damage.
On our servers, nobody can overwrite your WordPress core files.
Everything in your WordPress install is locked down tight, aside from your custom content. Does somebody want to edit your wp-config.php file in order peddle creepy products on your site? Not on our watch!
It is worth noting that locking down core files means you can’t edit them either. This is a good thing because it’s best practice to leave core files alone as they’ll get swapped out in WordPress updates. You don’t want hard work getting wiped out every time WordPress is updated (quite often). If there are files like wp-config.php that you’d like to make changes to, just let our team know and we’ll make those for you! Unlike manual edits, these will carry over from update to update.
Intelligent IP blocking
Intelligent IP address blocking detects intruders and blocks them across all sites on our servers within seconds.
We monitor popular points of entry for hackers and immediately lock out any IP address trying to get through. These points include:
- Failed SSH Access Attempts
- Failed WordPress Login Attempts
- Spam WordPress Comments
- XMLRPC Connections (which we fully block by default)
We use a variety of techniques to block traffic starting with preventing known malicious IP addresses from opening a session with the server, which is a very severe and immediate action. Another softer layer of security we provide is our proprietary caching ban. This method detects “banned” access attempts and displays a cached page to the visitor stating that their connection has been banned. This method stops the connection at the highest layer of our servers software stack and utilizes the fewest server resources while still presenting a user-friendly response.
In the rare occasion that a client has forgotten their password and keeps trying dozens of time in just a few minutes, they’ll see a ban page but will be presented with easy, on-screen instructions to get their IP un-banned.
Since banned IP information is shared across sites, we develop a kind of “herd immunity” to malicious actors in real time as the attacks come in. So your site’s protected from hackers before they even try to attack your site.
Insecure passwords? Not on our watch.
Although it may not seem like a big deal, having hard-to-guess username and passwords really goes a long way on WordPress. Due to the uniform structure of WordPress, a lot of web bots will crawl across websites, simply appending a /wp-admin to the domain name. If the page loads, the bot will start trying username and password combos starting with some of the most common insecure passwords. So if you have a user named admin and a password of password1234, you’re at a pretty high risk of getting hacked.
That’s why we go to great lengths to ensure that our customers use strong passwords. If you try to create a new password that doesn’t make the cut, we’ll let you know.
Limited Login Attempts
One of the things we do to protect customers from malicious attacks is limit the number of login attempts from a single IP address to three attempts within twenty minutes. If you type the wrong password three times, you must wait to try again.
This goes a long way to deter would-be attackers, as they can no longer just try hundreds or thousands of passwords and try to brute force your account.
Limit Login Attempts works at an IP address level, so if you have multiple users trying to sign in to your site on the same network, they can easily wind up locking each other out, since Limit Login Attempts will only view them as a single user and will count each of their individual failed logins against the overall total allowed, and lock all users out if the limit is exceeded.
If you are locked out from too many failed login attempts, just send us an email and we will clear your IP address so you can get back in.
Automatic WordPress updates
In order to prevent outsiders meddling with your stuff, we make sure your site is running the latest and greatest version of WordPress. These updates often include security patches, which close any doors and windows that hackers may have found in previous versions. We make these updates for you automatically and usually happen within a few days of their release.
We pride ourselves on keeping the bad guys out of your site’s files and database through the preventative security measures mentioned above. That being said, malware prevention is an ongoing cat and mouse game where systems have to react and adapt to the ever-changing security gaps introduced by third-party plugins, third-party themes, or weak passwords.
In the event that you find your site has been compromised by a plugin or theme vulnerability, We can jump in right away and get to work cleaning up the infection. We’ll also notify you of our progress along the way.
If we learn of a wide-spread malware vulnerability within a particular plugin, we will update the plugin or disable it and notify you of the issue.
Free malware removal
In the rare event of a site getting hacked, our incredible team of WordPress experts will quickly and carefully remove the malware for you. For free.
Steps that you can complete while we’re working on cleanup are updating all themes and plugins on the site to their most recent version, uninstalling any plugins or themes that aren’t being used any longer, and updating all admin user passwords to something as strong as possible. Since outdated plugin/theme versions and insecure passwords are overwhelmingly the cause behind WordPress sites becoming infected with malware, taking care of these updates as soon as possible will also help us to ensure the site stays clean while we’re working on it.
Site speed and load time factors into everything from search engine ranking position, to bounce rate, and conversions. It might be something you never thought much about before. It’s one of those things we love to think about so you don’t have to! Here’s how we make your site faster:
Server Level Caching
We use a proprietary caching engine, specifically designed to make WordPress sites fast. It’s especially powerful because it works side-by-side with our Content Delivery Network (CDN) to serve up cached content from global points of presence (POP). When your users hit your site, they receive those files from the server that is geographically closest to them, which decreases load time, improves performance, and ensures all users have the same high-quality digital experience (no matter where they’re located)!
Premium Content Delivery Network (CDN)
Our CDN provider (Fastly) is trusted by some of the biggest sites in the world: BuzzFeed, the New York Times, Yelp, Pinterest, Twitter, and more. Now, your site can leverage those resources!
A CDN stores copies of your site on servers around the world. This shortens the distance between the user and your website, making it load a bit faster. A CDN also helps with load balancing. If there is a spike in traffic on the west coast, it reduces negative impact of users on the east coast.
If you’re thinking “I just have a local business, I don’t need to worry about people all over the world using my website.” That might be true. However, Google factors site load time into account when ranking a website in local search results, and we want to do everything we can to give our clients an advantage over their competitors.
WP Rocket Speed Optimization
Most web hosting companies consider it their job to provide hosting space, and that’s it. Whether your website is actually up and running properly is not their job. They just providing the hosting space.
Have you ever had a customer contact you and say “I went to your website and it’s down!” That’s embarassing. Then you have to call your web host and say “hey my site is down, what’s going on?” Aren’t they hosting your website? Shouldn’t they know and care if it’s not working? Again not really. As long as the server is up and running, the typically web host considers their job done.
We think of things a little more holisticly. We host your website, it’s in our care. We should know what is going on with it. If your website goes down we should be the FIRST to know about it.
We ping WordPress sites we host every 60 seconds to check for errors like 500 Internal Server Error and 404 Not Found erors. The catch with our status monitoring is that if the site is down but DOES NOT through an error code, we will not pick it up.
For example, if the site is loading a blank page. From the status monitor perspective, the site is loading without errors. However in this case, something else might be going wrong, such as a hack, in which case we would be alerted by our daily site malware scan.
All clients have access to our suite of premium plugins. These are the most commonly needed plugins for any business or organization and provide the ability for our clients to:
- Accept credit cards payments
- Create Online Forms, Applications, and Contracts
- Capture Electronic Signatures
- Integrate with Facebook
- Integrate with Instagram
- Event Calendars
- A/B Split test lead capture forms
- Speed Optimization
Click here for full details on the premium plugins included with our service.
According to a survey of over 1,000 digital marketing agencies and freelancers across 16 countries, published by Entreprenuer.com, the average hourly rate for a Web Design and Development Agency is between $101-$150 per hour. Our standard rate is slightly below average at $120/hour, however we also offer a preferred client rate of $60/hour for websites we host.
If we do not host your website our standard hourly rate will apply.
Standard Rate: $120/hour
Preferred Client Rate: $60/hour
Click here to learn more about our rates.