WordPress Security

How secure is your WordPress website?

According to hostinger.com, a WordPress website is hacked every 22 minutes, which amounts to around 13,000 per day.


Written by Joshua de Hek
Front-end web developer & WordPress security advisor

WordPress security is an important aspect of website management, as WordPress websites are a common target for cyber attacks. According to hostinger.com, a WordPress website is hacked every 22 minutes, which amounts to around 13,000 per day.

Small to medium-sized businesses are particularly vulnerable to such attacks, as they may not invest in security measures for their website. Fortunately, some measures can be taken to guard WordPress websites against such attacks, including the use of security plugins, such as Solid WP Pro, vulnerability detection and real-time protection services, such as Patchstack, and content delivery networks, such as Cloudflare.

These services can help protect against brute force attacks, vulnerabilities within plugins, and malicious traffic, among other threats. Website owners need to invest in WordPress security measures to safeguard their website and customers’ data. 

We will discuss the following 3 stages of WordPress security.

Stage 1: Solid WP Plugin
Stage 2: Patchstack
Stage 3: Cloudflare

Stage 1: Solid WP Pro Plugin

What does it do?

Solid WP is a security plugin that secures your website from brute force attacks and identifies vulnerable plugins. It includes customer login security requirements such as two-factor authentication and biometric passwords. Solid WP Pro also provides a firewall for your website, and because the software is connected to a network, it automatically bans IPs that are seen as a threat and then shares this information with the network.

Why do you need it?

A WordPress website is hacked every 22 minutes, which comes to around 13,000 per day according to hostinger.com. Nearly half of the cyber attacks prey on small to medium-sized businesses, as they do not often invest in security measures for their website. Thankfully, we can take measures to guard our websites against such attacks. A security plugin for WordPress is the first place to start.

As an example of how powerful this plugin is, I got an average of 300 brute-force attacks per day. Thanks to Solid WP Pro, this came down to nearly 90% fewer brute-force attacks per day. This was in part thanks to the ability to disable XML-RPC. The WordPress XML-RPC API allows external services to access and modify content on the site. Common examples of this are the Jetpack plugin and pingbacks. Often hackers will use these files to attack and enter your WordPress website.

I also entered specific firewall rules which block local brute force attacks. It goes without saying that without this plugin I am sure my website would have been hacked. However, I decided to take extra measures to ensure security and I will discuss this next in Stage 2: Patchstack.
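The brute-force traffic described above shows up in the web server access log as repeated POST requests to `xmlrpc.php` and `wp-login.php`. The following Python example is added here and is not code from Solid WP or from the original article; it counts those POSTs per IP address per minute and reports the sources that reach a threshold. The log lines, IP addresses and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in combined log format (documentation-only IP ranges).
_FMT = '{ip} - - [12/Jun/2023:10:{mm}:{ss:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", mm="00", ss=s, req="POST /xmlrpc.php", st=200)
     for s in range(8)]
    + [_FMT.format(ip="198.51.100.9", mm="01", ss=s, req="POST /wp-login.php", st=200)
       for s in range(6)]
    + [_FMT.format(ip="192.0.2.44", mm="02", ss=10, req="POST /wp-login.php", st=302),
       _FMT.format(ip="192.0.2.44", mm="02", ss=11, req="GET /wp-admin/", st=200),
       _FMT.format(ip="203.0.113.7", mm="05", ss=0, req="GET /xmlrpc.php", st=405)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AUTH_ENDPOINTS = ("/xmlrpc.php", "/wp-login.php")


def auth_posts_per_minute(log_text):
    """Count POSTs to WordPress login endpoints, keyed by (ip, path, minute)."""
    buckets = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a credential submission
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in AUTH_ENDPOINTS:
            # "12/Jun/2023:10:00:01 +0000"[:17] -> "12/Jun/2023:10:00"
            buckets[(m["ip"], path, m["ts"][:17])] += 1
    return buckets


def flag_bruteforce(log_text, threshold=5):
    """Return sorted (ip, path, peak_per_minute) for sources at or over threshold."""
    peak = {}
    for (ip, path, _minute), n in auth_posts_per_minute(log_text).items():
        peak[(ip, path)] = max(peak.get((ip, path), 0), n)
    return sorted((ip, path, n) for (ip, path), n in peak.items() if n >= threshold)


if __name__ == "__main__":
    for ip, path, n in flag_bruteforce(SAMPLE_LOG):
        print(f"{ip} sent {n} POSTs/minute to {path}")
```

A single normal login (the `192.0.2.44` lines) stays below the threshold, and GET requests to `xmlrpc.php` are not counted.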

Pricing:

Solid WP Pro costs €99 per year per website. https://solidwp.com/security/
TheKiwiConnection: €79 for our customers excl VAT/BTW

Stage 2: Patchstack

What does it do?

Patchstack protects your WordPress website against vulnerabilities within your plugins. Often WordPress websites will use plugins or third-party software to extend services on their websites. However, with these extensions come security issues. Patchstack detects vulnerabilities in real time and then provides special protection rules (vpatches) to secure your website. Plugins such as Elementor, WP Rocket and many more use Patchstack as their official point of contact, so that when a vulnerability is detected they can quickly provide an update for their plugins.

Why do you need it?

In 2022, Patchstack found 4528 WordPress plugin security vulnerabilities and provided instant automatic vpatching. By having real-time firewall rules and detection, you are constantly being guarded against intrusive attacks. In June 2023, Patchstack blocked 2,613,505 threats in WordPress websites worldwide. So if a plugin becomes vulnerable, you will be alerted within 48 hours, and protection is then deployed via vpatching and firewall rules on your WordPress website.

Pricing:

Patchstack is €10 per month. This includes vulnerability detection and real-time protection.
TheKiwiConnection: We provide these services for a yearly fee of €120 excl VAT/BTW

Stage 3: Cloudflare WAF

What does it do?

Cloudflare is a service that provides a CDN (Content Delivery Network) to speed up websites and also protects millions of customers globally. Beyond hiding your origin’s IP address from potential attackers, Cloudflare also stops malicious traffic before it reaches your origin web server. Cloudflare automatically mitigates security risks using their WAF and DDoS protection.

Why do you need it?

I thought my website was safe with stage 1 (Solid WP Pro) and stage 2 (Patchstack) until I added the Cloudflare WAF (Web Application Firewall). It protects your website from attacks such as DDoS, cross-site request forgery, cross-site scripting or SQL injection. Within a few days of setting up the Cloudflare WAF, it had already blocked 19 attacks such as Tor, bad bots and hackers trying to inject JavaScript into my WordPress website. Even though I only have basic WAF, it is amazing. I am at present using a free account but do intend to move over to a paid subscription.

Another benefit is that it hides my domain’s actual IP address which makes it harder for hackers to track down the actual server I am using as well as providing an SSL encryption layer around my website. So between the browser and the origin server, we have a firewall around the website files.

Pricing:

Cloudflare: Free; however, depending on your requirements, this can cost around 20 per month or more. https://www.cloudflare.com/en-gb/plans/
TheKiwiConnection: Setup costs €200 excl VAT/BTW and includes setup of the CDN and WAF, and rerouting your current domain name via Cloudflare DNS servers (no downtime) to hide your IP address.
