Maintenance


Keeping a website ticking on the back end requires continues updates of plugins, themes and the WordPress core, scheduling backups, monitoring for Malware, hardening access and so on. The alternative is to risk malfunction, or even worse, to be hacked. Something we sadly also have experienced.

Below you will find detailed information on our maintenance services with the cost breakdown, along with optional extra features and hosting, on your right.

With the basic package, we will perform all the task on a monthly basis. Should your site still be compromised, we will attempt to recover it though we can not guarantee it.

That said, even with the premium package we still can’t guarantee that your website will always be in perfect running condition. However, you are much; The premium package serves you with daily monitoring of files, daily backups, restore features, customised security, all which will help us know when your site is compromised and allow us to act on it immediately.

Dedicated Server

Most web & email hosting providers offer shared hosting, a hosting environment where you have no control over the actual server and the 1000s of other domains hosted on the same server. This is in no way by default a bat option, though the benefit of a dedicated server is far more. This Side Up Media have their own dedicated server with Hetzner. This means that the only domains hosted on our server is that of our clients. The server, located in South Africa is built for speed and efficiency to meet our customers’ performance demands, giving you the freedom to grow and customise. Our dedicated server will give you the efficiency and stability you’re looking for.

Hetzner’s Managed Dedicated servers are a popular choice for business customers that require a reliable platform for mission critical projects such as high volume websites, e-commerce platforms and online applications.

Processor: Intel Xeon E3-1230 Quad Core 3.2GHz
RAID: S/ware RAID 1
RAM: 4 GB ECC DDR3 1333MHz
Disk: SATA HDD Enterprise-class

Hetzner Backup

Routine Backup-Only by Hetzner: Included
Hetzner keeps a backup of all your website files. Backup files are kept for a maximum of two weeks.

Though the Hetzner backup is a complete backup of your entire website, it is not specifically geared for WordPress website.

Hetzner do provide a Restore Backup Tool in their konsoleH, which allows customers to restore web files and databases from the available revisions. You will be responsible for your own restore.

Hetzner does not guarantee backups . They do routinely achieve an over 90% success rate on all backups. It is advisable that you keep a separate backup of your files and databases remotely e.g. on your PC’s hard drive or on a portable hard drive.

BackWPup

Monthly Backups: Included
We will save your complete website installation including the wp-content folder and push them to an external Backup Service, like Dropbox, S3 or FTP.

  • Database Backup (needs mysql)
  • WordPress XML Export
  • Generate a file with installed plugins
  • Optimize Database
  • Check and repair Database
  • File backup
  • Backups in zip, tar, tar.gz, tar.bz2 format (needs gz, bz2, ZipArchive)
  • Store backup to directory
  • Store backup to FTP server (needs ftp)
  • Store backup to Dropbox (needs curl)
  • Store backup to S3 services (needs curl)
  • Store backup to Microsoft Azure (Blob) (needs PHP 5.3.2, curl)
  • Store backup to RackSpaceCloud (needs PHP 5.3.2, curl)
  • Store backup to SugarSync (needs curl)
  • Send logs and backups by email

Available languages

  • english (standard)
  • french / français (fr_FR)
  • german / deutsch (de_DE)
  • russian / pоссия (ru_RU)
  • simplified chinese (zh_CN)

Requirements

  • WordPress 3.4 and PHP 5.2.6 required!
  • To use the Plugin with full functionality PHP 5.3.3 with mysql, FTP,gz, bz2, ZipArchive and curl is needed.
  • Plugin functions that don’t work because of your server settings, will not be displayed in admin area.

Remember: The most expensive backup is the one you never did! And please test your backups!

Vaultpress

Vaultpress Lite – R100 / month
Daily backups with a 30-day archive and automated restores.

Vaultpress Basic – R250 / month
Realtime backup to protect changes as they happen.

VaultPress keeps your site safe. Every post, picture, and page. Every comment, revision, and setting. Everything.
VaultPress makes it easy to keep an up-to-date backup of your site with both daily and realtime syncing of all your WordPress content. To ensure your site stays safe, VaultPress performs security scans daily and makes it easy to review and fix threats.

The VaultPress plugin connects your site to the VaultPress servers. Backups and security scans take advantage of WordPress hooks, and are optimized for WordPress-powered sites. Provide FTP or SSH information, and VaultPress can automatically restore a backup to your site.

Monitor Backup Activity in Realtime
Watch in realtime as VaultPress syncs your latest changes or scans your site for security threats.

Scan Your Site Daily
Every day, VaultPress scans your site for potentially dangerous files, as well as any suspicious changes to your WordPress install. We’ll email you if we find anything.

Restore Backups Automatically
Click a button and begin restoring any backup in just a few minutes using an FTP or SSH connection. You can restore to your current site, or to an alternate test site.

Review & Fix
VaultPress makes it easy to review suspicious code and fix the most common threats with a simple button click. For very dangerous threats, VaultPress will automatically fix your site and notify you.

Download a Backup
Browse your history of backups and download your database, uploads, themes, or plugins.

Rely on Our Safekeepers
Our collection of WordPress experts are available to help backup, restore, and fix your site. With the VaultPress plugin installed on your site, the Safekeepers have access to a number of tools that help us safeguard your site.


Maintenance and security of WordPress sites is becoming more and more important. As the popularity of WordPress has grown, the number of hacking attempts has continued to rise – this doesn’t mean WordPress isn’t still a great base for your site, only that it requires a certain level of maintenance and vigilance to make sure your site is protected. WordPress is used by more than 18.9% of the top 10 million websites – which means it’s an increasingly appealing target for Web-based malware (ie, injected links to pharmaceutical companies or other spammy content) – a successful hack into one WordPress vulnerability opens the door to thousands of other sites to hack.

The WordPress team is committed to responding to all known loopholes within the core and securing them accordingly – each new release addresses any new known vulnerabilities, thus it’s important to keep your WordPress install up to date. In addition, your plugins need to be updated and checked regularly to make sure they cooperate with the WordPress core updates. We do our best to use plugins that I think are trusted and maintained well, but even those need tweaks from time to time.

We will perform the following tasks once a month to ensure your website run the latest versions.

  • WordPress core updates
  • Plugin updates
  • Premium Theme Updates
  • Framework Updates
  • PHP
  • 1 Hour of Compatibility Support*

* We offer up to 1 hour of compatibility support each month. If we can’t fix it within that time, we will contact you with recommendations.

We will also monitor the update activity of the plugins and themes used. From time to time it happens that development to a plugins or themes are discontinued, in which case we will suggest an alternative approach.

Best Practice Security

While Security plugins is a great way to keep your website safe, they can also cause conflict with other plugins and put extra load on your server, making your website slow. This Side Up Media has worked for years with many of the top security plugins and, included iTheme Security, listed below, We looked at the ways their secure websites, studied and contributed on online forums in order to narrow the list to the most essential “to do”.
The result, better security without the sue of a plugin. That said, we often use iTheme security and Wordfence in combination, depending in the requirements and the intricacy of your website.

Our custom security list can be divided into two categories;
1) Security enhancements done while developing a website;
2) Security enhancements done once the website is live, with monthly check and updates.

studied it and and while we still believe in their value, we also developed our own “to do” list

iTheme Security / Wordfence

Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

One-click activation for most features: Included
Advanced Features & Setup: R100 / month

Obscure
As most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Better WP Security will hide the places those vulnerabilities live keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.

  • Remove the meta Generator tag
  • Change the urls for WordPress dashboard including login, admin, and more
  • Completely turn off the ability to login for a given time period (away mode)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them
  • Remove Windows Live Write header information
  • Remove RSD header information
  • Rename “admin” account
  • Change the ID on the user with ID1
  • Change the WordPress database table prefix
  • Change wp-content path
  • Removes login error messages
  • Display a random version number to non administrative users anywhere version is used

Protect
Just hiding parts of your site is helpful but won’t stop everything. After we hide sensitive areas of the sites we’ll protect it by blocking users that shouldn’t be there and increasing the security of passwords and other vital information.

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Ban troublesome bots and other hosts
  • Ban troublesome user agents
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Strengthen server security
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Force SSL for admin pages (on supporting servers)
  • Force SSL for any page or post (on supporting servers)
  • Turn off file editing from within WordPress admin area
  • Detect and block numerous attacks to your filesystem and database

Detect
Should all the protection fail Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users) as well as any changes to the filesystem that might indicate a compromise.

  • Detect bots and other attempts to search for vulnerabilities
  • Monitor filesystem for unauthorised changes

Recover
Finally, should the worst happen Better WP Security will make regular backups of your WordPress database (should you choose to do so) allowing you to get back online quickly in the event someone should compromise your site.

  • Create and email database backups on a customisable schedule

Other Benefits

  • Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
  • Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.

Compatibility

  • Works on multi-site (network) and single site installations
  • Works with Apache, LiteSpeed or NGINX (NGINX will require you to manually edit your virtual host configuration)
  • Some features can be problematic if you don’t have enough RAM to support them. All my testing servers allocate 128MB to WordPress and usually don’t have any other plugins installed. I have seen issues with file check and database backups failing on servers with 64MB or less of RAM, particularly if there are many other plugins being used.

Please visit Better WP Security’s website for further detail: http://fooplugins.com/

Sucuri SiteCheck

Basic: Included
We will perform monthly Sucuri SiteCheck to check your site for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc.
Should the scan result show any malware we will attempt to restore it.
For advanced infections, we will contact you to discuss the best way forward.

Premium: R100 / month
We will sign you up for a premium Sucuri package.
Your website will be scanned daily for malware and blacklisting
If your site is compromised and you need urgent help, Sucuri will handle the clean-up.
We will manage this process and liaise with Sucuri through their support centre until your site is back on track.

Sucuri SiteCheck detects various types of malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention to include:

  • Obfuscated JavaScript injections
  • Cross Site Scripting (XSS)
  • Website Defacements
  • Hidden & Malicious iFrames
  • PHP Mailers
  • Phishing Attempts
  • Malicious Redirects
  • Anomalies
  • Drive-by-Downloads
  • IP Cloaking
  • Social Engineering Attacks

There are a number of blacklisting authorities that monitor for malware, SPAM, and phishing attempts. Sucuri SiteCheck leverages the APIs for these authorities to check your website blacklisting status:Sucuri

  • Google Safe Browsing
  • Norton
  • AVG
  • Phish Tank (Phishing Specifically)
  • ESET
  • McAfee SiteAdvisor
  • Yandex

We augment the SiteCheck Malware Scanner with various. 1-click hardening options. Some of these options do not provide a high level of security, but collectively these options do lower your risk floor:

  • Verify WordPress Version
  • Protect Uploads Directory
  • Restrict wp-content Access
  • Restrict wp-includes Access
  • Verify PHP Version
  • Disable the theme and plugin editors

Please visit Sucuri website for further detail: http://sucuri.net


Although the plugins and services we have discussed are great helpers in the fight against website disaster, they can’t do everything for you. You still need to take care of your website and try as best you can to limit the risk of disaster. Below is a list of best practices you can follow to help your WordPress blog live a healthier and happier life.

Although the plugins and services we have discussed are great helpers in the fight against website disaster, they can’t do everything for you. You still need to take care of your website and try as best you can to limit the risk of disaster. Below is a list of best practices you can follow to help your WordPress blog live a healthier and happier life.

1) Always keep your WordPress version, plugins and themes up to date. There’s a reason for those little update notification icons you keep seeing in your dashboard…don’t ignore them. Like your PC, very often these updates carry important fixes to newly discovered security vulnerabilities.

If you ignore security updates you are leaving open windows for hackers to climb through and ransack your website.

2) Take care in your plugin and theme selection. Not all plugins and themes are created equal. One of the most exploited WordPress vulnerabilities is poorly coded themes and plugins. You should almost never download plugins that are not found in the WordPress repository.

Obvious exceptions are premium plugins and those offered by other well respected companies. Just don’t go installing random plugins from unverified sources. They’re out there and they’re dangerous. The same goes for themes.

3) Before you install any plugin updates, it’s always a good idea to backup your database just in case something goes wrong.

4) Before installing a major WordPress core update, it’s a good idea to make a full backup of your site (files and database). You might also want to adopt the habit of waiting 1-2 weeks before installing new WordPress updates for 2 reasons.

One, is to let others test it first and give WordPress time to iron out all the kinks. And the 2nd reason is to give plugin developers time to test and release compatibility updates of their own. Yes, there may be important security updates in there, but a couple of weeks usually won’t hurt and it can save you a heap of trouble.

5) Change your konsoleH password. Email isn’t the most secure mode of transportation so it’s always a good idea to change the initial konsoleH password your hosting provider emailed to you. Remember, all the WordPress security measures in the world can’t help you if your konsoleH is compromised.

6) Change your administrator username from the default “Admin” to something obscure (not your actual name). 99% of brute force login attacks use the username Admin to try and break in because hackers know that thousands of WordPress users never change the default. By leaving your username as Admin, you are basically giving away half of your login credentials.

To change your username you will actually need to create a new account with admin access and then use that account to delete your old admin account. If you have any posts associated with your old account, make sure you elect to have those posts moved to your new account or they will be lost.

If you’re comfortable using phpMyAdmin, you can use it instead to change your username without actually deleting your original account.

7) If you’re going to make posts using your admin account, make sure your publicly displayed name is something other than your username (you want your username to be a secret). To change it, simply navigate to the “edit profile” section of your WordPress dashboard and look for the drop down box labeled “Display name publicly as”.

8. Check out this WordPress hardening article found in the WordPress Codex for tons of other tips on how to make your WordPress install more secure.

9) Keep updated antivirus software on the PC you access your website from. All of this website security will be for nothing if you have a keylogger on your computer that simply steals your login info the next time you sign in to your blog. There are many antivirus options out there, both free and paid.

Disclaimer

This Side Up Media will take every care to deliver the best service to keep your website up and running. However, with the nature of the internet environment, it is impossible to guarantee your working website 100%.

Limitation Of Liability

In no event shall This Side Up Media be liable under contract, tort, strict liability, negligence or other Legal theory with respect to your website, the service or any content for any lost profits or Special, indirect, incidental, punitive, or consequential damages of any kind whatsoever.