Login Security and Updates


Do you have any idea how many times someone has tried unsuccessfully to log into your WordPress site? SiteProtect does.

Do you have any way of blocking people from brute-force password guessing, hoping that you are using something as simple as “password” or “12345678” as part of your login credentials? SiteProtect does.

Part of the deal when you sign up with us is that we utilize the best plugins for the job at hand, even if we don’t develop them ourselves. One of them is Wordfence, which is a staple of many sites, and to me is a requirement when launching a site. It gives you real-time notifications of blocked attempts and even some handy statistics when you log into your dashboard:



The above screenshot was taking from Coding Concepts, which has always had repeated login attempts (this shows the past 2 weeks) – some of which we didn’t even know about until Wordfence came along. In the past few years it has matured into a formidable defence against WordPress hackers, and is installed by default as soon as we set up SiteProtect for you.


Part of our responsibility as WordPress developers is ensuring that our clients are taken care of after we complete their site, not just before we win them as a client, or during the development process. This includes making sure that we have a complete backup of the site taken at the minute it’s launched, and ensuring either we are performing updates or they have sufficient knowledge and confidence to do it themselves.

Let me share with you the kind of changes that happen to WordPress sites overnight, with a few of our recently added sites. Keep in mind this is just in a day. Some of these updates could be as minor as a spelling mistake, some of them as major as plugging a security hole.


The above is a notification that we receive daily to let me know what plugins need to be updated on what sites – without even logging in I can tell you that some of them look like they’re disabled and haven’t been updated in quite some time, quite a few have minor updates which just happened today, and one of the sites hasn’t updated anything in four months, which means it is still vulnerable to the CRITICAL XSS WordPress bug that was patched several weeks ago. That one is brand new to SiteProtect and is actually something that I’m working on at the time of this writing.

Once the maintenance cycle is done, which is performed daily, all of the Core updates to WordPress are updated (at the very minimum). Next come the Plugin updates, and finally the theme updates – however in a lot of cases these themes are never actually used, so it falls into the category of removing old plugins, themes, and files that you no longer need. (See here for more details)

Vulnerable Plugins

The XSS security bug that was patched recently affected many popular plugins. Read more about it below:

Help Us Help You!

Our affiliate program is active and accepting applications, so if you know someone who has a WordPress site that could use our service, let them know! We’re happy to help out, and you can earn yourself some cash via PayPal or credit towards your own SiteProtect service.

Leave a Reply

Your email address will not be published. Required fields are marked *