Additional Service: Security Hardening

Service Description

Security Hardening is an additional service for WordPress hosting plans provided by Seravo to improve the security of your website. Although security is a core feature of every Seravo WordPress hosting plan, site security can be improved if necessary.

At Seravo, information security is actively enforced through updates and daily security scans for malicious code. In addition, additional features can be enabled on sites, and configuration settings can be reviewed to further enhance the site’s security. As a service, Security Hardening assesses the level of security of a site and recommends measures to make data breaches less likely. Security Hardening can be carried out at any stage of a site’s development lifecycle – on newly deployed sites, or those that have been in development for some time already.

Security Hardening helps you to assess the current security situation of your website. Security Hardening is recommended to be carried out when a data leak on a site would be particularly damaging to the company’s business, or when the site has been compromised in the past.

During Security Hardening, the site is scanned by Seravo’s security expert to identify security threats and prevent data breaches. The security settings of the site are reviewed, and results are reported to the customer. The service also includes ensuring that the most basic security settings are in place and properly configured. The report includes recommendations for further action and optional security settings.

Contents of Security Hardening

Security Hardening can, for example, include the following checks:

  • Site integrity (errors in PHP and/or JavaScript, mixed content, etc.)
  • Cache performance
  • Log audit (including but not limited to failed logins, bot traffic, error logs)
  • Plugin and theme security
  • Update tests
  • User and user role checks
  • Access restriction checks

Upon completion, a report of the findings will be delivered to the customer. The report also includes recommendations for further action to heighten the site’s security. In some cases, Seravo may be able to implement these improvements, in which case the report also includes information about any and all security configuration changes carried out by Seravo.

Improvements to site security always depend on the site in question, and the exact content of this service depends on the technical implementation of the site. Security Hardening may include, for example, a review of the user interface, a review of the security settings available through the Seravo Plugin, and guidelines for improving the security of the site based on the findings.

By reviewing site’s security with the Security Hardening service, vulnerabilities can be mitigated and the attack surface can be minimised for potential data breach attempts by updating the plugins, for example.

Any additional fixes and changes to the site are billed separately as Special Expert Work, such as replacing a plugin in WordPress. Any additional work carried out on top of the Security Hardening service are always agreed separately with the customer, and are only carried out with a separate permission.

Limitations

Security Hardening does not guarantee that the site cannot be subject to a data breach, and does not guarantee the security of the site. This service does not provide any additional compensation if, despite all efforts, the site is compromised in the future.

Security Hardening is not intended for everyday security checks. All sites maintained by Seravo are scanned daily for malicious code. The Seravo Security Guarantee, which is included in all WordPress hosting plans, promises that a site will be cleaned of malicious code if it is hacked while it is hosted at Seravo.

Security Hardening is also not suitable as a site security audit, but can be carried out as a supporting measure to a more comprehensive site audit, for example.

Security Hardening can not be performed on sites in external hosting services or sites hosted on other servers, i.e. it can only be ordered for a WordPress site that is currently hosted by Seravo. The additional Security Hardening service can be ordered as soon as the site has been migrated to Seravo’s servers. However, please note the validity of Seravo’s Security Guarantee.

Security Hardening should be ordered well in advance, at least one week before the possible deadline.

Additional Services

Security Hardening does not include web development, nor does it include further development of WordPress itself, its themes, plugins or custom functionality of the site. This service is not intended to maintain outdated or insecure code, and such fixes remain as the responsibility of the site’s developer.