🔒 WordPress Security

WordPress Security Audit & Hardening.

For site owners, store owners, and agencies who've been hacked, are at risk, or need serious security — not a plugin, a real expert.

One-Time Packages

Pick based on what you need — audit only, full fix, emergency cleanup, or team training. All include a 7-day warranty.

Package 1

Security Audit Only

Best for: Know exactly what's wrong before committing to fixes

$299

Per site · One-time

⏱ 2–4 business days

✓Check for active compromise: backdoors, injected admins, rogue plugins, PHP droppers

✓Plugin & theme vulnerability review with risk ranking (Critical / High / Medium / Low)

✓WordPress config audit (wp-config.php, file permissions, upload vectors)

✓Admin access audit (user roles, XML-RPC, REST API, login protection)

✓Hosting/server-level review (SFTP/SSH, panel access, site isolation)

✓Full written audit report with severity, impact & recommended fix per finding

✓Prioritised fix list handed to client or developer

Package 2Most Complete

Audit + Hardening

Best for: Findings fixed, not just reported

$599

Single site · One-time

⏱ 3–5 business days

✓Everything in Package 1, plus:

✓Malware & backdoor removal (if active compromise found)

✓WordPress core, plugin & theme integrity restoration via WP-CLI

✓wp-config.php hardening (keys, salts, debug off, DB prefix)

✓File & directory permission hardening

✓XML-RPC disabled at Nginx level, REST API exposure control

✓Admin login protection (URL obfuscation, rate limiting, brute force)

✓HTTP security headers (HSTS, X-Frame-Options, CSP, X-Content-Type)

✓Rogue users, suspicious tasks & admin accounts removed

✓Cloudflare WAF setup (basic rules + brute force protection)

✓Post-hardening verification + hardening summary document

Package 3

Multi-Site Audit + Hardening

Best for: Agencies or owners with multiple WP sites — especially on shared hosting

From $999

Custom quote · 3+ sites

⏱ 5–10 business days

✓Everything in Package 2 applied across all sites

✓Cross-site isolation audit (critical on shared hosting)

✓Hosting panel hardening (Hostinger, cPanel, or equivalent)

✓Shared hosting isolation setup (prevent site-to-site spread)

✓Single audit report covering all sites with per-site findings

✓Prioritised fix order (most critical sites first)

2 sites: from $9993–5 sites: from $1,4996+ sites: custom quote

Package 4🚨 Emergency

Post-Hack Emergency Cleanup

Best for: Sites actively hacked — spam links, virus injected, admin access lost

$499 – $999

One-time · Emergency priority

⏱ 1–3 business days

✓Full malware scan & removal

✓Backdoor & injected code removal

✓Rogue admin users, plugins & scheduled tasks removed

✓WordPress core restoration via WP-CLI

✓Entry point identification (plugin vuln, stolen creds, brute force, etc.)

✓Security hardening applied after cleanup to prevent reinfection

✓Post-cleanup audit report + incident summary

Quoted after initial assessment. Price depends on infection depth, number of files, and sites affected.

Package 5

Security Playbook + Team Training

Best for: Teams who want to be self-sufficient — not dependent on external help

$299

One-time

⏱ 2–3 business days after onboarding call

✓Custom security playbook for your specific setup

✓Update policy (core, plugins, themes)

✓Backup policy & schedule

✓Access control rules (user roles, password policy, MFA)

✓Plugin installation rules

✓'What to do if something looks off' response checklist

✓60-minute training call (owner + developer/team)

✓Documented SOPs shared after call

✓Incident response flow: who does what, in what order

Add-Ons

Extend any package with these optional extras.

Cloudflare WAF advanced rules setup$149

MFA (Two-Factor Auth) setup for all admin accounts$99

Uptime + file change monitoring setup$149

Automated backup to S3 or Google Drive setup$149

Developer coordination (working alongside client's dev team)$70/hr

Additional site added to existing audit scope$199/site

Staging environment setup (safe testing before live changes)$199

Monthly Security Maintenance

Ongoing protection — scans, updates, monitoring, and support on a monthly retainer.

Security Basic

$199/month

1 site · 1 support hour/month
Extra: $70/hour beyond included

✓Weekly automated malware + file integrity scan
✓Weekly backup to S3 or Google Drive
✓Plugin + core update management (tested before applying)
✓Email blacklist monitoring
✓Response within 48 business hours

Security Standard

$399/month

Up to 3 sites · 3 support hours/month
Extra: $65/hour beyond included

✓Everything in Security Basic, plus:
✓Weekly manual review of scan results + Cloudflare/WAF logs
✓Admin user & access audit (monthly)
✓Response within 24 business hours

Security Priority

$799/month

Up to 10 sites · 8 support hours/month
Extra: $60/hour beyond included

✓Everything in Security Standard, plus:
✓Emergency incident response included (hack, malware, defacement)
✓Weekly deep review: file changes, login attempts, plugin changes
✓Monthly security summary report

What's Not Included

Full transparency on scope boundaries.

✕Hosting or VPS cost (client's own)
✕Domain cost (client's own)
✕Paid plugin or theme licenses
✕Cloudflare paid plan (free tier sufficient for most setups)
✕Full website development or redesign
✕Fixes caused by third-party plugin bugs (flagged in audit, quoted separately)
✕Legal or compliance advisory (GDPR, PCI, etc.)

🔒 Security & Scope Control

All work is performed on client-granted access only. No changes are made outside the agreed scope. A full log of every change is documented and handed over. Client retains full control at all times.

🛡️ 7-Day Warranty

All audit and hardening packages include a 7-day warranty. If a reinfection or issue occurs within 7 days due to a vector that was in scope, it is addressed at no extra charge.

Not sure which package fits?

Book a call — describe what's happening and we'll recommend the right starting point.

Book a Security Call Request a Quote