Security services for Wundertravel
The travel company Wundertravel contacted us because their previous Wordpress development company could not fix their persisting spam, hosting and security issues. They were frustrated because they had to disable the booking form entirely to stop hundreds of spam emails flooding their inbox.
A bunch of problems
As companies that offer Wordpress services often don't set up proper anti-spam measures, having severe issues with spam is unfortunately very common with Wordpress websites.
Wundertravel received 100+ spam messages each day. Disabling their booking form led to other problems along the way as a contact form is an important asset. It made normal work impossible and valid customer messages got mixed up with spam in the inbox. Apart from this nerve racking spam problem, there were a lot of other problems as well. Since no security module was installed, Wordpress was left vulnerable to all sorts of attacks.
Security analysis
Our team looked at the Wordpress installation and found out plugins, themes, Wordpress itself and PHP never got updated. The risk for a hack was very high. The admin panel also had not been properly secured and was reachable under the default /wp-admin address which is very bad practice. Before any other work on the website could be done, these issues needed to be fixed as fast as possible.
Creating a full backup
Creating a backup in Updraft Plus
We created a full backup, did a test restore and came to the conclusion everything works as intended. In this case we used Updraft Plus which is a fairly good solution, if there is no need for migration to another server.
Preparation & planning
Before we do any work on a wordpress installation we make sure that we create a full backup and that it is actually possible to restore backups.
The second point cant be stressed enough, as a backup is completely useless if it can not be fully restored! As a next step we compiled a list of all the problems we wanted to fix:
- Create our own user account
- Delete all unused or inactive plugins
- Update all plugins, themes and modules
- Set up a security module and firewall
Working on our tasks
We always create your own user before we do changes to a system. It helps a lot when we need to go through activity logs in an application like WP Cerber. Separate user accounts also come in handy if we want to review who did certain changes and lets us quickly determine who was responsible if something went wrong. With our own user account we carefully checked all unused plugins, beginning with duplicate cache plugins.
These are very common when people try to speed up a slow website. Be aware multiple cache plugins offer no benefit. First we deactivated all duplicate plugins, then we tested if the page works properly. Finally we deleted everything that was not strictly needed. This helps keep Wordpress safe. The golden rule: The less plugins the better.
Setting up security
Reviewing activity in Cerber
Our team configured the necessary settings and made sure regular form entries were passing through the anti-spam engine. We needed to be 100% sure that no false-positives are flagged as spam, before we could give the green light to our client.
Completing the job
After we do any serious changes to a system, we make sure to test for any bugs or errors that could occur afterwards. There is always a slight chance that something works in an unexcepted way.
After exhaustive testing with multiple devices, browsers and IP addresses, we could confirm: Everything works as expected. We can't go into too much details as its a bad practice to share sensitive information on system security. Job done. Finally no more spam in Wundertravels mailbox and a very secure Wordpress setup. Time to celebrate.
About our client
Riglia Residence,
Agios Nikoloas
Thank you for reading, have a spam-free day! 🌤️
Post Author
