Is your website secure? Here’s how we help keep it that way

Lee Maguire

1 May 2025

Even with robust day-to-day protections in place, a one-off deep dive can uncover hidden issues and opportunities for improvement

Website security and maintenance are an essential part of website management. We understand that a secure, well-maintained site isn’t just about preventing attacks – it’s also about ensuring your content stays accessible, your site remains easy to manage, and bugs don’t disrupt your users’ experience.

Why regular site reviews matter

Even with robust day-to-day protections in place, a one-off deep dive into your site’s specific setup can uncover hidden issues and opportunities for improvement. Our dedicated security and maintenance reviews are designed to do exactly that – future-proof your website and keep it running smoothly.

What we include in a one-off security and maintenance review

Plugin audit

• Are all your plugins still needed?
  Redundant plugins can clutter your site and pose unnecessary security risks. We identify and recommend the removal of unused ones.
  
• Are they well-maintained?
  Plugins that aren’t regularly updated may not be compatible with modern WordPress or PHP versions. We flag outdated plugins and suggest better alternatives.
  
• Do any have a poor security history?
  A bad track record may be a red flag. We identify risky plugins and recommend replacements with stronger security reputations.
  
• Have they changed hands?
  Sometimes plugins get acquired and their quality drops. We evaluate development practices and flag concerns early.
  

Theme audit

• Is your theme up to date with WordPress and PHP?
  Outdated themes can slow your site or break it altogether. We scan for deprecated code and suggest improvements.
  
• Are third-party dependencies still safe?
  We audit the libraries your theme uses, ensuring everything is current and supported.
  
• Is user input handled safely?
  Custom code often misses key data sanitization steps. We run automated checks and recommend secure coding practices.
  
• Is your admin panel too open?
  Editors should never accidentally break your site. We review and lock down sensitive admin settings if needed.
  

 User account audit

• Are there inactive or outdated user accounts?
  We track logins and flag accounts that can safely be removed – improving both security and user management.
  
• Are users assigned the right roles?
  Too many admins = too much risk. We recommend role downgrades where appropriate.
  
• Are any passwords compromised?
  We check against known breach lists and require users to change weak or previously compromised passwords.
  
• Do you use multi-factor authentication (MFA)?
  MFA is one of the strongest defences against unauthorized access. We can help implement it site-wide or just for high-privilege roles.
  

What we already do for our clients

If your site is hosted by dxw, we already provide strong baseline protections, including:

• Fast application of WordPress core updates
  Security patches applied following a testing/deploy mechanism that code passes through before being available in production.
  
• Automated plugin vulnerability scanning
  Checked every 2 hours during working hours via the Patchstack API.
  
• Timely patching of vulnerabilities
  Fixes applied proactively, often before vulnerabilities are publicly disclosed.
  
• Protection from insecure file changes
  All WordPress files are locked down to prevent unauthorised modifications.
  
• Disabled XML-RPC and locked-down PHP execution
  Reducing the attack surface and eliminating known exploit paths.

Enhanced features with some extras

All our GovPress-hosted sites run with additional platform protections, including:

• CAPTCHAs after failed login attempts
  
• Enforced minimum password length
  
• Blocking of passwords known to be used in past breaches
  
• Login inactivity tracking (6+ months)
  
• Hardened login error messaging to prevent username harvesting
  

Want peace of mind? Let’s talk.

A one-off site security and maintenance review provides insight, reassurance, and a roadmap for a healthier site.If you are interested in a security and website review please email govpress@dxw.com and a member of the team will be in touch.