Site Maintenance and Security Hardening (SMASH) keeps your website components current while monitoring and adapting your security stance against hackers. SMASH Hosting implements security best-practices with a vetted web host as a combined monthly subscription service that includes FrequentFlexer Support.
- For clients that had their website built by another company and need help with this aspect of website ownership. Unlike SMASH Hosting, SMASH may require a one-time audit fee between $350.00 - $1500.00. This fee covers the cost of evaluating and documenting your website, then implementing SMASH based on the documented findings.
- Available for RapidRollout websites built by FlexTech Media, this plan combines web hosting with SMASH. It covers the cost of licenses for the base website (averaging $550.00/annual), and may cover additional licenses depending on the project.
- NOTE: Flywheel hosting does not provide e-mail, and FlexTech Media does not offer e-mail support. Ask about the best e-mail solution for your situation and I'll make some recommendations.
- SFTP and Database Access are available with WordPress CMS Professional.
- Coverage applies only to approved configurations. Increased complexity may increase the subscription price.
- SMASH is included in the WordPress CMS Professional package subscription. It is possible with that package to modify the approved configuration beyond what is covered. Working together we can expand the base coverage but must do so carefully.
- Proactive Security and File Maintenance services for both staging and live websites.
- Ongoing monitoring for security and stability, with the option to issue blanket authority to FlexTech Media to take action without your explicit approval first if a serious and urgent threat is detected...or not. The choice is yours.
- No charge for addressing plugin or theme conflicts.
- Same day restoration of a compromised website when possible.
- Addresses Article 25 of the General Data Protection Regulation: Data Protection by Design and by Default.
How to get SMASH for your website
If I did not build your website, an audit is first conducted to evaluate your current configuration against security best practices and your site's compatibility with those approaches. I execute on those recommendations once authorized. The site is placed in a state of perpetual monitoring with safeties in place. Security audits are invasive and not entirely automated, as some things just have to be looked at closely by human eyes. It means I have to be able to get into the same areas of your website that your developer gets into, and that I must understand all your workflows and what aspects touch security concerns. Some websites require security exceptions where others do not, so I always use adaptive security approaches that require your approval to implement. Though I certainly do not expect you to understand the technical aspects of what I do here, it is important that you are aware how certain security approaches impact how your website is allowed to function. Conversely, it is important to understand if there is functionality that violates a security standard so we can decide together how to address it.
Additional Hosting Fees May Apply
SMASH requires a clone of your site on a staging server for ongoing service. For simpler websites I did not build, I offer a $50/annual clone and hosting service for a staging website that provides WordPress dashboard login but does not offer FTP, SSH, Putty Access or Server Control Panel Access.
Updating complex builds for custom WordPress websites I did not build requires regression testing of workflows and other functionality. Complex sites require a close-duplicate staging server hosted with the same company that hosts the live website. In this case, each the site's code base is changed by an update, a full manual regression test is required to make sure all role-based security is preserved, as well as test to confirm no compromise to protected content, preservation of conditional navigation displays, and more. This testing must happen on the staging server first, then again on the live site. There is an hourly fee for cloning your complex build into my service that is based on the complexity of the custom build your web designer implemented.
My SMASH approach has stopped hundreds of thousands of attacks on websites across my portfolio, and continues to do so to this day. I created SMASH in response to what I saw almost a decade ago: WordPress gets implemented in an unsafe manner a lot by vendors who do not build such websites under a legal contract with an expectation of security. Now that the General Data Protection Regulation (GDPR) is upon us, a service like SMASH can go a long way toward GDPR compliance as well as it relates to Article 25: "Data protection by design and by default".