Q: Isn’t WordPress made to be secure? I’m good at upgrading when a new release is available – won’t that keep me safe?

A: If your approach to security is simply to upgrade WordPress when a new version comes out, then no, you’re not safe. As the WordPress developers would be the first to tell you, securing an installation isn’t just about protecting your filesystem and database from attack (which, by the way, involves more than just upgrading regularly). It also means verifying the integrity of your host’s server configuration and keeping whatever devices you use to access WordPress free of malware. You owe it to yourself and the people you work with to make security a priority. If you need assistance locking up your site and adopting best practices, I’m here to help.

Q: Will hardening my installation cause problems with plugins I have installed?

A: It’s possible, but well-written and well-supported plugins should continue to work just fine after an installation has been hardened against attack. That’s been the case in my experience. A plugin that breaks completely as a result of implementing more stringent security measures isn’t a good plugin.

Q: I administer a blog on WordPress.com rather than running my own self-hosted WordPress site. Do you offer any services for users of WordPress.com?

A: No, my services are for self-hosted WordPress users on shared or virtual private server hosting. If you blog at WordPress.com, Automattic takes care of you. However, you should still be following best practices for accessing your account at WordPress.com (like keeping your computer free of malware).

Q: I administer many WordPress sites and would like them all audited and/or locked up. May I hire you to do that?

A: Yes, but what I charge will depend on how many WordPress sites you’ve got. (That’s why, when you buy a service using the shopping cart, you can’t change the quantity of the services you are purchasing). I do offer a discounted rate for clients who want me to audit and secure more than one site simultaneously. Contact me for more details.

Q: My site was hacked, and I need help getting it cleaned up. I don’t see an option on the Services page for site recovery and restoration. Why?

A: Because un-hacking a site is tricky and complicated. I can’t charge a flat rate upfront since I don’t know how much work is involved until I evaluate the damage that’s been done. However, that doesn’t mean I can’t help you! Please contact me and describe your situation to get a free consultation. I will estimate how many hours I think it’ll take me to un-hack your site and strengthen it against future attacks before you’re on the hook for anything. That way, you’ll have a reasonable idea of what my fee will be. To get started, just contact me.

Q: Can I pay using PayPal?

A: No, I don’t accept payment through PayPal, primarily because PayPal isn’t a bank and does not have to follow federal banking regulations. As an entrepreneur, I don’t want to have to deal with the hassle of arguing with PayPal if they freeze or restrict my account for some reason. That’s why I don’t do business with them.