Site Maintenance and Security Hardening (SMASH) keeps your website components current while monitoring and adapting your security stance against hackers. SMASH Hosting implements security best-practices with a vetted web host as a combined monthly subscription service that includes FrequentFlexer Support.
- For clients that had their website built by another company and need help with this aspect of website ownership. Unlike SMASH Hosting, SMASH may require a one-time audit fee between $350.00 - $1500.00. This fee covers the cost of evaluating and documenting your website, then implementing SMASH based on the documented findings. Once you're on subscription, technical support is free.
- This plan combines web hosting with SMASH, and grants free technical support. It covers the cost of licenses for the website, and may cover additional licenses depending on the project.
- Your organization must own the plugin, theme, or other licenses that were used to build your website. Alternatively, if you are using your web designer's licenses, that person must be available to receive support e-mails from the licensing authors, and the license must be kept current in case support is needed.
- Some licenses, such as those purchased through the Envato Marketplace, have a separate fee for getting tech support after the first 6-months of licensing. You must be willing to pay that fee in case I need help from that code author/organization.
- This is not a licensing service, but I can help you sort out what's going on with your licenses.
- The initial SMASH audit fee is still applicable whether you decide to move forward with my service or not. The audit is a stand-alone service that delivers a comprehensive view of your website in the form of documentation and meetings.
- NOTE: Flywheel hosting does not provide e-mail, and FlexTech Media does not offer e-mail support. Ask about the best e-mail solution for your situation and I'll make some recommendations.
- Coverage applies only to approved configurations. Increased complexity may increase the subscription price.
- Proactive Security and File Maintenance services for both staging and live websites.
- Ongoing monitoring for security and stability, with the option to issue blanket authority to FlexTech Media to take action without your explicit approval first if a serious and urgent threat is detected...or not. The choice is yours.
- No charge for addressing plugin or theme conflicts. However, if the resolution involves paying a programmer or other IT professional to resolve the issue, I will coordinate with such professionals and invoice you for the cost but not for my time. This can be a huge savings.
- Same day restoration of a compromised website when possible.
- Addresses Article 25 of the General Data Protection Regulation: Data Protection by Design and by Default.
How to get SMASH for your website
If I did not build your website, an audit is first conducted to evaluate your current configuration against security best practices and your site's compatibility with those approaches. I execute on those recommendations once authorized. The site is placed in a state of perpetual monitoring with safeties in place. Security audits are invasive and not entirely automated, as some things just have to be looked at closely by human eyes. It means I have to be able to get into the same areas of your website that your developer gets into, and that I must understand all your workflows and what aspects touch security concerns. Some websites require security exceptions where others do not, so I always use adaptive security approaches that require your approval to implement. Though I certainly do not expect you to understand the technical aspects of what I do here, it is important that you are aware how certain security approaches impact how your website is allowed to function. Conversely, it is important to understand if there is functionality that violates a security standard so we can decide together how to address it.
Additional Hosting Fees May Apply
SMASH requires a clone of your site on a staging server for ongoing service. For simpler websites I did not build, I offer a $50/annual clone and hosting service for a staging website that provides WordPress dashboard login but does not offer FTP, SSH, Putty Access or Server Control Panel Access.
Updating complex builds for custom WordPress websites I did not build requires regression testing of workflows and other functionality. Complex sites require a close-duplicate staging server hosted with the same company that hosts the live website. In this case, each the site's code base is changed by an update, a full manual regression test is required to make sure all role-based security is preserved, as well as test to confirm no compromise to protected content, preservation of conditional navigation displays, and more. This testing must happen on the staging server first, then again on the live site. There is an hourly fee for cloning your complex build into my service that is based on the complexity of the custom build your web designer implemented.
My SMASH approach has stopped hundreds of thousands of attacks on websites across my portfolio, and continues to do so to this day. I created SMASH in response to what I saw almost a decade ago: WordPress gets implemented in an unsafe manner a lot by vendors who do not build such websites under a legal contract with an expectation of security. Now that the General Data Protection Regulation (GDPR) is upon us, a service like SMASH can go a long way toward GDPR compliance as well as it relates to Article 25: "Data protection by design and by default".