Checking the site integrity and security

The upkeep by Seravo includes making sure that the website stays functioning and secure. The prerequisite to this is that the site is unbroken at the moment of publishing. This means that the upkeep does not include fixing the site or cleaning it up, if the site has previously had malicious code or, for example, the custom theme on the site has some coding errors. Below are some hints you should keep an eye of when publishing a new website:

• Enable HTTPS if it was not already enabled on the previous service provider. Also change the URLs in the database and files from the insecure http:// to https://
• If the site has comments enabled it is advised to install a Google ReCaptcha-plugin to prevent bots from spamming. The same plugin can add more security against bots into the WordPress login page as well as user registration.
• Remove all themes and plugin that are not in use. Also remove the unnecessary security-, backup- and caching-plugins.
• Open the Developer Console or similar tool to check if there is any network or JavaScript errors. Browse through the front page, few sub-pages, and some /wp-admin sites to make sure there are no errors.
• Check that your plugins are compatible with the newest PHP version in use. To check the compatibility, you can use our guide on how to change the PHP version on your site.
• Check from the server that there are no errors in /data/log/php-error.log.
• Login to the server using SSH information provided to you and run the general Seravo test for WordPresswp-test and check that it does not give any errors.
• After running the tests, check also the user passwords with the Seravo wp-check-passwords tool. Taking care of password hygiene is the only separate security aspect left to the responsibility of the customer when the site is hosted by Seravo. Our security guarantee covers cleaning and restoring the site if proper password hygiene has been followed.