Site Maintenance and Security Hardening (SMASH) is a WordPress-centric service that keeps your website components up to date while monitoring and adapting your security stance against hackers. SMASH Hosting implements security best-practices with a vetted web host as a combined monthly subscription service that can eliminate some or all component licensing fees. You can select either SMASH or a SMASH Hosting option. The fees cover the standard estimate of effort to keep the website secure or recover it from pristine resources should a hack occur. Additional efforts could incur additional fees.
NOTE: Baremetal.com and SiteGround.com provide web hosting packages combined with e-mail. FlexTech Media does not provide end-user e-mail support, nor is e-mail available with web hosting for SMASH Hosting Basic.
- Clients using SMASH in this manner typically had their website built by another company and need help with this aspect of website ownership. Unlike SMASH Hosting, SMASH requires a one-time audit fee between $350.00 - $1500.00. This fee covers the cost of evaluating and documenting your website, then implementing SMASH based on the documented findings. The price ranges are estimates based on the sorts of website complexity I've encountered over the past decade. Additional needs can increase costs.
SMASH Hosting Basic
- Available for RapidRollout websites built by FlexTech Media, this plan combines web hosting at getflywheel.com with SMASH. It covers the cost of licenses for the base website (around $325.00/annual), and may cover additional licenses depending on the project. RapidRollout websites do not contain the security or workflow complexity of Foundation websites, and are typically easier to secure and recover. Websites evolving in complexity can upgrade to SMASH Hosting Advanced.
SMASH Hosting Adv
- Available for Foundation websites built by FlexTech Media, SMASH Hosting Advanced combines secure web hosting and SMASH for these more complex websites. In some cases it covers the cost of plugin and theme licenses used to build your custom website. SMASH Hosting Advanced includes regression testing and workflow testing (such as membership sign-up steps) to capture exceptions generated by the update and remediate them if possible at no additional charge. Additional needs can increase costs.
- NOTE: Baremetal.com and SiteGround.com provide web hosting packages combined with e-mail. FlexTech Media does not provide end-user e-mail support, nor is e-mail available with web hosting for SMASH Hosting Basic.
- SMASH Hosting Basic includes a staging website, SSL, licenses, and web hosting at getlfywheel.com. For hosting plan details, Click here. It's the "Starter" plan.
- Coverage of WordPress component licenses for base build. No update headaches as long as we stay with approved configurations.*
- Proactive Security and File Maintenance services for both staging and live website.*
- 100% Hack Recovery Coverage with approved configurations.
- Ongoing monitoring for security and stability, with the option to issue blanket authority to FlexTech Media to take action without your explicit approval first if a serious and urgent threat is detected...or not. The choice is yours.
- Notification and historical update tracking.
- Same day restoration of a compromised website when possible.
- Graceful update experiences for your website and visitors.
- Secure Offsite backups for faster recovery in case a hack gets through. It provides recovery options that go back farther than a web host's 30-day backup of your website.
- Addresses Article 25 of the General Data Protection Act: Data Protection by Design and by Default.
- For the websites I build, SMASH usually includes role-based WordPress dashboard access. This lets you give your techie Admin access, and your marketing folks content-level roles.
- Education about content management practices content managers should avoid, and the introduction of alternatives to help them do their jobs.
- Evaluation of SEO practices that may need to be modified.
- You get a dedicated professional who now has intimate knowledge regarding your website and is accountable to you for its ongoing health.
- Quantifiable knowledge about how secure your website actually is.
- In most cases, an audit will provide a Site Integration Map to capture knowledge about your website's functional architecture. This provides you with a professional technical document WordPress developers and integration experts can use as well to make sure their work does not compromise the established security stance.
- Shareholders, marketers, operations teams, and other stake holders can now be furnished with proof that you have taken the appropriate steps to protect the capital expenditure that is your website.
*Feature Modifications to the approved website after go-live might incur additional fees for any subsequent server adjustments, hack recovery, component background research, component licensing costs, security audits and adjustments needed, component conflicts, or layout and performance problems that occur. Modifications to the Theme itself, or switching to a different Theme, is not allowed without a paid security and performance audit to evaluate the code changes in advance. Doing otherwise voids the expectation of enhanced security advertised on this website as SMASH. Likewise, you or those you designate will be given "Collaborator" access to the hosting dashboard for your SMASH Hosting Basic website. Any modifications made by collaborators are entirely the responsibility of the collaborator or the website owner.
The idea here is to be able to trust all code used, with FTM as your partner in cyber-safety. Your Admin account provides access to the WordPress dashboard, with the user rights to add/remove plugins, modify sensitive settings, or add/remove users from the system. However, I’m supposed to be helping you keep the website safe and performing at its best, otherwise why host through FlexTech Media? There are certainly cheaper alternatives, but they are cheap for a reason.
If you need changes to the website’s architecture (like a new plugin or custom code, for example), just let me know. We might still be able to implement what you need for an additional fee as long as the request does not escalate the website’s complexity to that of a Foundation website. I will let you know if that’s the case, and explain why, so we can decide the safest, most cost-effective way to move forward.
How to get SMASH for your website
If I did not build your website, an audit is first conducted to evaluate your current configuration against security best practices and your site's compatibility with those approaches. I execute on those recommendations once authorized. The site is placed in a state of perpetual monitoring with safeties in place. Security audits are invasive and not entirely automated, as some things just have to be looked at closely by human eyes. It means I have to be able to get into the same areas of your website that your developer gets into, and that I must understand all your workflows and what aspects touch security concerns. Some websites require security exceptions where others do not, so I always use adaptive security approaches that require your approval to implement. Though I certainly do not expect you to understand the technical aspects of what I do here, it is important that you are aware how certain security approaches impact how your website is allowed to function. Conversely, it is important to understand if there is functionality that violates a security standard so we can decide together how to address it.
Additional Hosting Fees May Apply
SMASH requires a clone of your site on a staging server for ongoing service. The hosting must match the hosting configuration of the live site, including the purchase of any additional SSL certificates.
Updating complex builds require regression testing of workflows and other functionality. Each the site's code base is changed by an update, a full manual regression test is required to make sure all role-based security is preserved, as well as test to confirm no compromise to protected content, preservation of conditional navigation displays, and more. This testing must happen on the staging server first, then again on the live site.
My SMASH approach has stopped hundreds of thousands of attacks on websites across my portfolio, and continues to do so to this day. I created SMASH in response to what I saw almost a decade ago: WordPress gets implemented in an unsafe manner a lot by vendors who do not build such websites under a legal contract with an expectation of security. Now that the General Data Protection Regulation (GDPR) is upon us, a service like SMASH can go a long way toward GDPR compliance as well as it relates to Article 25: "Data protection by design and by default".