Security may seem like a given, but with most websites, including WordPress websites, it is not. As such, we recommend the following protocol to mitigate the likelihood of a successful breach.
But Why Would Someone Hack Me?
This is a valid question and one that we hear often. The truth is, we don’t always know why. Most often, though, a hacker wants to gain access to a website in order to use it for activity they don’t want traced back to their own server, such as sending spam email to hundreds of email addresses every hour. This can result in your website becoming slow or unresponsive and can get your domain name or server blacklisted. As a general rule of thumb: getting ON a blacklist is EASY – getting OFF a blacklist is TORTURE!
- Captcha on Login (0.5)
This makes it more inconvenient for hackers to even try to log in.
- Obfuscated Admin Username (0.5)
This makes it harder for hackers to guess your username.
- Strong Admin Password (0.5)
This makes it harder for hackers to crack your password.
- Login Attempt Limiting (0.5)
This makes it so that hackers have to take extra steps on their end to hide their identity in order to keep trying to log in.
- Login Country Limiting (0.5)
This makes it so that hackers connecting from other countries, or pretending to, never even get a chance to try to log in.
- Brute Force Protection (0.5)
This stops hackers with sophisticated systems from attempting to breach security at a highly accelerated rate.
- Login IP Limiting (0.5) (optional)
This makes it so that only approved IP addresses can log in.
- 2-Factor Authentication (0.5) (optional)
This makes it so that even when a login is successful, a secondary approval (usually on your personal device) must be completed.
- Change Detection Monitoring (0)
Even with all of the above, it is still advisable to keep tabs on things. Our monitors (we run two) keep tabs on your website so that IF anything changes, we know about it immediately and can react accordingly.
The cost of implementing the recommended protocol ranges from $75-$100, depending on whether or not you elect to include Login IP Limiting and/or 2-Factor Authentication. These two are optional because some administrators travel often and their IP address changes regularly, and some find 2-Factor Authentication too inconvenient, more so when their personal device is not charged or not able to receive the notice.
NOTE: The numbers shown in parentheses are part of our touchpoints system.