Updates, backups, security, performance, compliance · everything with automation + human intervention when needed. Zero technical copy-paste in your inbox · only reports of what we already resolved.
Ping every 5 min from 3 locations · alert within 30s if the site responds badly.
Certificate check + alerts 30/14/7 days before expiration · Let's Encrypt auto-renewal.
Weekly OWASP Top 10 scan · automatic fix for 17 categories (HSTS, CSP, XML-RPC, etc).
Consent banner check, privacy policy, cookie classification · alerts on undeclared trackers.
WP core and plugins updated via safelist + auto-rollback if the homepage status changes.
DB + files encrypted with AES-256 · weekly on Pro, daily off-site (Backblaze B2) on Plus.
Heuristic filesystem scan + WP core hash check · backdoor neutralization with pre-fix backup.
Weekly Lighthouse score · regression alerts · suggested cache / CDN / lazy-load fixes.
Automatic conversion to WebP · quality 88-92 compression · multi-density srcset.
Sitemap, schema markup, meta description, robots · alerts on traffic regressions.
axe-core check · alt text, contrast ratio, keyboard nav · 5 severity levels.
SPF / DKIM / DMARC check · domain reputation · spam blocklist alerts.
Multiple version history · monthly restore tested in sandbox.
24h Basic · 2h Pro · 1h Plus with 75% refund if breached > 4h.
WordPress is the most widely used CMS in the world, and therefore the most attacked. Our strategy works on three layers: prevent (proactive hardening), detect (continuous scans), respond (safelist auto-fix + human intervention for sensitive cases).
Everything is logged in an append-only audit trail · you can see every action the system takes on your site.
OWASP Top 10 scan · checks for weak admin credentials, plugins with known CVEs, tampered core files, missing security headers.
HSTS, CSP, X-Frame-Options, disable XML-RPC, hide WP version, salt rotation, .htaccess hardening, file perms · applied immediately, reported afterwards.
Heuristic detection (eval+base64, goto labels, hex escape) + hash diff vs WP core · false-positive whitelist (sodium_compat, openssl, etc).
WP core + plugins updated in a nightly window · post-update homepage test · automatic rollback if HTTP status changes.
Lighthouse score below 80 = organic traffic in free fall. We measure weekly (mobile + desktop), optimize images, cache, CDN configuration, and tell you where the bottleneck actually is.
No "cosmetic optimization". If TTFB is high because the hosting is slow, we say so · and recommend migration, not snake oil.
Performance · accessibility · best practices · SEO score · alerts on regression > 5 points compared to baseline.
All future image uploads converted to WebP at quality 88-92 · PNG/JPG fallback via <picture> tag.
W3 Total Cache / WP Super Cache configuration · Redis object cache if hosting supports it · Cloudflare/BunnyCDN setup.
LCP / INP / CLS measured real-user (CrUX) · regression alerts · specific fix recommendations.
A backup that's never been tested is a backup that doesn't exist. Our system runs a monthly sandbox restore + smoke test to verify the dump is readable · encrypted with AES-256 at rest, with multi-tier retention.
If your site gets compromised, the restore starts automatically from the most recent verified backup, not from the last "let's hope it works" one.
DB + uploads + plugins + themes · GPG-encrypted · on-premise storage + off-site replica.
Encrypted Backblaze B2 · cross-region replication · encryption key managed via env var separate from the backup.
Automatic restore in sandbox + homepage smoke test · alerts if restore fails or smoke test doesn't pass.
Atomic per-file backup before any `write_file` or AI action · suffix `.MALWARE-{ts}.bak`.
Knowing the site is down before the customer does is the difference between "Emergency response" and "embarrassed apologies". Monitoring runs continuously · we see it in real time, you only get alerts when there's actually a decision to make.
No "uptime check passed" emails every 10 minutes. Silence when things are fine, alert when needed.
HTTP ping from 3 locations (Milan · Frankfurt · London) every 5 minutes · alert if 2 out of 3 fail.
Daily certificate check · alerts 30 / 14 / 7 days before expiration · Let's Encrypt auto-renewal if hosting supports it.
SPF / DKIM / DMARC validation · domain reputation tracking · alerts if the server IP lands on a spam blocklist.
Real-time dashboard visible from your portal · last ping · last audit · last verified backup.
Compliant cookie banners, an up-to-date privacy policy, WCAG accessibility · these topics feel intimidating because they sound legal, but they're technical issues that get solved with periodic checks.
The system tells you what's missing, we apply it where possible, and we give you a compliance report you can use in the event of a Privacy Authority audit.
Cookie + tracker scan · technical/analytics/marketing classification · alerts on trackers not declared in the consent banner.
AI-generated template based on your real stack (CMS, plugins, hosting, processors) · monthly review.
axe-core scan · missing alt text, insufficient contrast ratio, form labels, keyboard navigation · 5 severity levels.
Automatic cleanup of spam, transients, post revisions, AI logs > 90 days · DB optimized monthly.
If the issue is fixable by our safelist automation, we've already resolved it · you get a report of what was applied. If it requires a human decision or external access (provider, customer), we tell you what the issue is and what we need from you · no technical copy-paste, no "open cPanel and do this".
We'll show you the real state of your site within 1 business day · zero commitment, zero sales pitch.