WordPress runs on 15% of all websites across the world.  At first, that number may not seem like a lot.  However, when you start to consider how many websites there are, the number starts to look much bigger.

Our passion for WordPress is evident, we run a network of sites on the platform and have helped a large number of websites with WordPress Theme customization, Plugin recommendations, and Tips & Tricks for the WordPress enthusiast.

WordPress Management can be a complicated and time-consuming process.  Let CODWebhosting take care of your WordPress site for you.

Start looking around, you will see the social media outlets a blaze with people who need help fixing or updating their WordPress site. With WordPress running full steam ahead, many folks are diving right into websites that don’t have the technical background to keep their sites safe or up to date. Sometimes, they are spending an obscene amount of time trying to fix a hacked or broken site, instead of spending that time on growing their business.

How do we do it?



  • Back up your site (files and database) regularly*
  • Keep your WordPress core installation up to date
  • Keep your WordPress plugins up to date
  • Keep your WordPress themes up to date
  • Prevent listing wp-content, wp-content/plugins, wp-content/themes, wp-content/uploads
  • Remove wp-version
  • Remove Really Simple Discovery meta tag
  • Remove Windows Live Writer meta tag
  • Database error reporting turned
  • PHP error reporting turned off
  • Remove version information for scripts/stylesheets
  • Remove readme.html



  • Uninstall (not just disable) any unused plugins or themes
  • Install our suite of WordPress Security Plugins
    • Real-time blocking of known attackers.
    • Scans for the HeartBleed vulnerability
    • Enforce strong passwords
    • Firewall to block common security threats
    • Scans for signatures of over 44,000 known malware variants
    • Scans for many known backdoors that create security holes
    • Changes the URLs for WordPress dashboard areas including login, admin and more
    • Prevents brute force attacks by banning hosts and users with too many invalid login attempts
    • Read more…


*some hosting companies like Bluehost and Godaddy will interfere with backups.  Large WordPress installations may experience an inability to backup due to timeout limitations set by your hosting company.

[css3_grid id=’WORDPRESS’]


Automated Backups

Keeping a website backed up is just as important as keeping your computer backed up.  Although this isn’t usually in the forefront of our minds when thinking about our websites, what would you do if something happened?  We have seen this over and over again.  Don’t let your website suffer from poor planning.  If something happens, offsite backups are the safest way to go.  We will back up your WordPress site offsite to our servers for safe keeping.



Security Monitoring

Security is always a big concern when talking about information.  Vulnerabilities are everywhere and people looking to exploit those vulnerabilities are just as prevalent.  One virus on your website could open up you and your customers to all sorts of issues.  Keeping your website information as safe as possible is just as important your wallet.



Performance Optimization

Few things are more frustrating than a slow website. In fact, Google even punishes websites with slow load times. We love to help make the web fast. Aside from installing and properly configuring a great caching plugin, we’ll take a comprehensive look at your site and get it running smooth.


[message type=”warning”]

How do WordPress sites get hacked?

A recent study has shown that WordPress Blogs get hacked for the following reason.

41% of WordPress sites are hacked due to insecure hosting.
29% of WordPress sites are hacked due to an exploited or outdated Theme.
22% of WordPress sites are hacked due to en exploited or outdated Plugin.
8% of WordPress sites are hacked due to an insecure password.

The entire responsibility of WordPress security lies in the hands of you (the web site owner) and the WordPress Core developers. The WP Core developers are great at their job, but you have to do your part as well. An update is no good if it is never installed.

Did you know:

  • More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. In total, 8 million vulnerable plugins were downloaded. JUN 2013. [Source]
  • 7 out of top 10 most popular e-commerce plugins are vulnerable to common Web attacks. This amounts to more than 1.7 million downloads of vulnerable e-commerce plugins. [Source]



Security Suite (Enhanced)


We will completely hide much of your WordPress installation.  With that said, that will hide all your plugin information, version information, login screens, urls and the like from hacking scripts, hacking applications, and sites like http://whatwpthemeisthat.com/.

  • Hide wp-login.php
  • Hide or change wp-admin and all of its files (for untrusted users)
  • Change WordPress theme directory, remove theme Info from stylesheet, replace default WP classes and finally minify it!
  • Change plugins directory and hash plugins name
  • Change upload URL, wp-includes folder, AJAX URL, etc.
  • Change WordPress queries URL
  • Change author permalink (or disable it!)
  • Change or disable feeds
  • Hide all other WordPress files!
  • Disable WordPress archives, categories, tags, pages, posts, etc
  • and much more…


We start starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then we your site and makes it up to 50 times faster.


  • Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
  • Real-time blocking of known attackers. If another site using our plugin is attacked and blocks the attacker, your site is automatically protected.
  • Includes two-factor authentication, also referred to as cellphone sign-in.
  • Scans for the HeartBleed vulnerability – included in the free scan for all users.
  • We includes two caching modes for compatibility and has cache management features like the ability to clear the cache and monitor cache usage.
  • Enforce strong passwords among your administrators, publishers and users. Improve login security.
  • Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
  • Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
  • Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
  • See how files have changed. Optionally repair changed files that are security threats.
  • Scans for signatures of over 44,000 known malware variants that are known security threats.
  • Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
  • Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
  • Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
  • Checks the strength of all user and admin passwords to enhance login security.
  • Monitor your DNS security for unauthorized DNS changes.
  • Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
  • Choose whether you want to block or throttle users and robots who break your security rules.
  • Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
  • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
  • A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you.
  • Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
  • Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.



Our Plugin enables you to scan your WordPress site using the Sucuri SiteCheck for security and malware issues. It also verifies the security integrity of your core files right in your dashboard. It includes full login and activity audit trails and post-hack security ions to help you reset passwords and secret keys in case it has been already hacked, or infected with malware.

SiteCheck detects various types of malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention to include:

  • Obfuscated JavaScript injections
  • Cross Site Scripting (XSS)
  • Website Defacements
  • Hidden & Malicious iFrames
  • PHP Mailers
  • Phishing Attempts
  • Malicious Redirects
  • Anomalies
  • Drive-by-Downloads
  • IP Cloaking
  • Social Engineering Attacks

There are a number of blacklisting authorities that monitor for malware, SPAM, and phishing attempts. SiteCheck leverages the APIs for these authorities to check your website blacklisting status:

  • Sucuri
  • Google Safe Browsing
  • Norton
  • AVG
  • Phish Tank (Phishing Specifically)
  • ESET
  • McAfee SiteAdvisor
  • Yandex

Sucuri augments the SiteCheck Malware Scanner with various. 1-click hardening options. Some of these options do not provide a high level of security, but collectively these options do lower your risk floor:

  • Verify WordPress Version
  • Protect Uploads Directory
  • Restrict wp-content Access
  • Restrict wp-includes Access
  • Verify PHP Version
  • Disable the theme and plugin editors



iThemes Security gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.

Most WordPress admins don’t even know they’re vulnerable, but we work to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, we can help protect any WordPress site.


We hides common WordPress security vulnerabilities, preventing attackers from learning too much about your site and away from sensitive areas like your site’s login, admin, etc.

  • Changes the URLs for WordPress dashboard areas including login, admin and more
  • Completely turns off the ability to login for a given time period (away mode)
  • Removes the meta “Generator” tag
  • Removes theme, plugin, and core update notifications from users who do not have permission to update them
  • Removes Windows Live Write header information
  • Removes RSD header information
  • Renames “admin” account
  • Changes the ID on the user with ID 1
  • Changes the WordPress database table prefix
  • Changes wp-content path
  • Removes login error messages
  • Displays a random version number to non administrative users


Hiding parts of your site is helpful, but won’t prevent all attacks. In addition to obscuring sensitive areas of your WordPress site, we work to protect it by blocking bad users and increasing the security of passwords and other vital information.

  • Scans your site to instantly report where vulnerabilities exist and fixes them in seconds
  • Bans troublesome user agents, bots and other hosts
  • Prevents brute force attacks by banning hosts and users with too many invalid login attempts
  • Strengthens server security
  • Enforces strong passwords for all accounts of a configurable minimum role
  • Forces SSL for admin pages (on supporting servers)
  • Forces SSL for any page or post (on supporting servers)
  • Turns off file editing from within WordPress admin area
  • Detects and blocks numerous attacks to your filesystem and database


Our Plugin monitors your site and reports changes to the filesystem and database that might indicate a compromise. It also works to detect bots and other attempts to search vulnerabilities.

  • Detects bots and other attempts to search for vulnerabilities
  • Monitors filesystem for unauthorized changes
  • Receive email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.