The travel company Wundertravel contacted us because their previous Wordpress development company could not fix their persisting spam, hosting and security issues. They were frustrated because they had to disable the booking form entirely to stop hundreds...

Security services for Wundertravel
| Florian Matthias Egerer

The travel company Wundertravel contacted us because their previous Wordpress development company could not fix their persisting spam, hosting and security issues. They were frustrated because they had to disable the booking form entirely to stop hundreds of spam emails flooding their inbox.

A bunch of problems

As companies that offer Wordpress services often don't set up proper anti-spam measures, having severe issues with spam is unfortunately very common with Wordpress websites.

Wundertravel received 100+ spam messages each day. Disabling their booking form led to other problems along the way as a contact form is an important asset. It made normal work impossible and valid customer messages got mixed up with spam in the inbox. Apart from this nerve racking spam problem, there were a lot of other problems as well. Since no security module was installed, Wordpress was left vulnerable to all sorts of attacks.

Security analysis

Our team looked at the Wordpress installation and found out plugins, themes, Wordpress itself and PHP never got updated. The risk for a hack was very high. The admin panel also had not been properly secured and was reachable under the default /wp-admin address which is very bad practice. Before any other work on the website could be done, these issues needed to be fixed as fast as possible.

Creating a full backup

Creating a backup in Updraft PlusCreating a backup in Updraft Plus
Let's get into the process of actually eradicating all these annoying problems. What is the most important first step before you do any changes to a system? Create a backup. Always. Don't be lazy and regret what you did hours later...

We created a full backup, did a test restore and came to the conclusion everything works as intended. In this case we used Updraft Plus which is a fairly good solution, if there is no need for migration to another server.

Preparation & planning

Before we do any work on a wordpress installation we make sure that we create a full backup and that it is actually possible to restore backups.

The second point cant be stressed enough, as a backup is completely useless if it can not be fully restored! As a next step we compiled a list of all the problems we wanted to fix:

  • Create our own user account
  • Delete all unused or inactive plugins
  • Update all plugins, themes and modules
  • Set up a security module and firewall

Working on our tasks

We always create your own user before we do changes to a system. It helps a lot when we need to go through activity logs in an application like WP Cerber. Separate user accounts also come in handy if we want to review who did certain changes and lets us quickly determine who was responsible if something went wrong. With our own user account we carefully checked all unused plugins, beginning with duplicate cache plugins.

These are very common when people try to speed up a slow website. Be aware multiple cache plugins offer no benefit. First we deactivated all duplicate plugins, then we tested if the page works properly. Finally we deleted everything that was not strictly needed. This helps keep Wordpress safe. The golden rule: The less plugins the better.

Setting up security

Reviewing activity in CerberReviewing activity in Cerber
After all unused items had been removed or updated, we decided to install WP Cerber. It supports hardening your Wordpress installation with advanced security features and has an outstanding anti-spam module.

Our team configured the necessary settings and made sure regular form entries were passing through the anti-spam engine. We needed to be 100% sure that no false-positives are flagged as spam, before we could give the green light to our client.

Completing the job

After we do any serious changes to a system, we make sure to test for any bugs or errors that could occur afterwards. There is always a slight chance that something works in an unexcepted way.

After exhaustive testing with multiple devices, browsers and IP addresses, we could confirm: Everything works as expected. We can't go into too much details as its a bad practice to share sensitive information on system security. Job done. Finally no more spam in Wundertravels mailbox and a very secure Wordpress setup. Time to celebrate.

About our client

Riglia Residence, <br/> Agios NikoloasRiglia Residence,
Agios Nikoloas
Our customer Wundertravel is a travel agency for the Mani and the South Peloponnes and offers exclusive villas and holiday homes, selected beach hotels, as well as inexpensive apartments and charming boutique hotels. You are taken care of by true experts with eightteen years of DMC agency experience and over three decades of industry experience. A german and english speaking team takes care of individual wishes, gives tailor-made advice and organizes personal arrangements.

Thank you for reading, have a spam-free day! 🌤️

PreviousNext