Website Security & Maintenance Plan

Optimize, Maintain, Back Up and Secure. We Remove the Stress of Protecting Your Website.


We created our Website Security & Maintenance Plan to protect our clients’ sites from getting hacked.

While we succeed in this (and still to this day have a 100% success rate of no hacks once on the plan) we found out there was another need for our clients once a site went live…maintenance and optimization.

Once a website is live, it’s not only important to protect it from malware and hackers that can take your site down and destroy your Google rankings but it’s also important to keep the tools in the site up-to-date and to make sure the site as a whole is running quickly and efficiently.

Our monthly plan includes all that and more. Month-to-month, we work hard to protect, update, maintain, and back-up your website.

How We Help Our Clients

Our Website Security & Maintenance Plan covers 4 main areas


We keep your site updated, maintained, cleaned and running smooth and fast.

  • Newest versions of WordPress & themes
  • Site cleared and optimized weekly
  • Plugins monitored and updated


Your site is monitored and protected from spam, malware and other evil internet forces.

  • Firewall Protection
  • Daily scanning
  • Blocking login attempts
  • Denial of Hackers & spam content


Your site is backed up weekly in multiple locations and can be restored at any time.

  • Weekly website backups
  • On & off-site backup locations
  • Daily restore points


We send you a monthly report of website activities.

  • Monthly report of page views, site traffic, organic searches, social media sessions.
  • What’s been done to keep your site updated and secure.

*** BONUS ***

We now provide up to 1 hour of image and text edits each month! 



Rest Easy Knowing Your Site is Safe.

• Optimize & Update • Security • Backups • Reports

• Get Started for ONLY $89 per month. Websites we didn’t build.

=> Tap Subscribe =>

• Hosting + Security options available
*No Contract, No Initiation Fee, No Termination Fee*

Website Security & Maintenance Plans

Hit-the-Web Marketing and Carol Scalzo have been working with us for the past few years. Initially, Carol designed and implemented our website, then redid it this year[2015]. Recently, Carol has been working with us to help create “traffic” to our website by using strategies such as blogging, social media marketing – social media linking between our website and social media platforms such as twitter, facebook and LinkedIn. We have noticed an increase in website traffic. We have always found Carol to be very professional and responsive to our requests. We highly recommend her and Hit-The-Web Marketing for website designs and social media marketing.

John Connaughton

President, Connaughton Construction

Why WordPress Sites Get Hacked

It is not just WordPress. All websites on the internet are vulnerable to hacking attempts.

WordPress sites are a common target because WordPress is the world’s most popular website builder. It powers over 31% of all websites; that is hundreds of millions of websites across the globe.

How is Your Business Affected If Your Website Gets Hacked?

Website Reputation

Once a website is hacked, most visitors will be given warnings that a site contains malware. Would you return to a site once you’ve seen a malware notification?

Social Media is Affected

Your social media that has links back to your website are affected. It displays malware and Posting to your social media is not allowed until you rectify the problem. 

Search Engine Ranking

Search engine ranking drops. It’s difficult to say just how much.

email Links to Your Website 

email marketing is one of the best ways to communicate to past, current and future customers. If you send out a campaign after your website is hacked, recipients will receive warnings before they click the link to your website. 

The Culprits

Security Policy Holes

Bad security policies, such as allowing users to create weak passwords, giving admin access too freely, and not enabling HTTPS on your site can have negative consequences. To better protect your site, Google recommends making sure you have the highest security controls configured, that user access and privileges are properly managed, that logs are checked, and that encryption is used.

Not Updating Version of WordPress

Each new version of WordPress fixes bugs and security vulnerabilities. If you’re not updating WordPress, then you are intentionally leaving your site vulnerable. As of April 2019 the most recent version of WordPress is 5.1.1.

Insecure Plugins and Theme

In addition to making sure your plugins and themes are patched, be sure to remove themes or plugins that are no longer maintained by their developers. Also, be careful when using free plugins, or ones that may only be available through an unfamiliar website. It’s a common tactic for attackers to add malicious code to free versions of paid plugins or themes. When removing a plugin, make sure to remove all its files from your server rather than simply disabling.

Using Weak Passwords

You need to make sure that you’re using a strong unique password to login to the backend of your website, to your hosting company, FTP accounts. And, although it makes it more difficult to remember, different passwords for your accounts is more imperative in today’s world than ever.


Hosting Security Holes


Outdated Themes


Outdated Plugins


Weak Passwords

Worst Cybersecurity Hacks of 2019

January: Apple Facetime

A Fortnite player found a bug in Apple iOS that allowed users to eavesdrop on an iPhone’s environment by calling but without it being answered. It may have also been possible to view live video feeds.

March: ASUS, Facebook, Instagram

Hacked ASUS software: A campaign called Operation ShadowHammer targeted the ASUS Live Update Utility to compromise thousands of PCs.

Facebook, Facebook Lite and Instagram: Hundreds of millions of users may have been impacted by shoddy password storage management by Facebook, in which account credentials were stored in plaintext. 

May: Financial

First American Financial Corp.: Real estate giant FAFC leaked hundreds of millions of insurance documents dating back to 2003. Bank account numbers, statements, mortgage and tax records, and more were openly available on the internet.

June: Medical hacks

American Medical Collection Agency (AMCA): Unauthorized access to a database led to the exposure of medical data belonging to roughly 20 million individuals. The information leak also impacted other companies including LabCorp and Quest Diagnostics.

August: NASA Cybercrime

Cybercrime in space: A NASA astronaut was accused of monitoring her estranged spouse from space including accessing a bank account allegedly without permission.


DoorDash: Close to five million customers of DoorDash were embroiled in a data leak. An unauthorized third-party accessed the PII of customers, drivers, and merchants. Approximately 100,000 driver licenses were also stolen and the last four digits of payment cards were exposed.

Worst Cybersecurity Hacks of 2018

Russian Grid Hacking

In 2017, security researchers found Russian hackers infiltrating and probing the United States power companies. There is evidence that the hackers have direct access to an American utility’s control systems.

Grid Hacking

Critical infrastructures Energy, Oil and Gas grids are at risk.

US Universities

In March of 2018, the Department of Justice indicted nine Iranian hackers over an alleged spree of attacks on more than 300 universities in the United States and abroad. The DOJ says the hackers stole $3 billion in intellectual property.

Under Armour App

Hackers breached Under Armour’s MyFitnessPal app in late February 2018, compromising usernames, email addresses, and passwords from the app’s roughly 150 million users. The company discovered the intrusion on March 25.

Google + Hacked

Google announced on Oct. 8 that it’s shutting down Google Plus. The decision came in response to Google uncovering a security vulnerability in March 2018 that potentially exposed the private information of up to 500,000 Google Plus users.

Facebook Breach

FACEBOOK’S PRIVACY PROBLEMS severely escalated Friday when the social network disclosed that an unprecedented security issue, discovered September 25, impacted almost 50 million user accounts.

Vulnerable Industries

DHS identifies 84,000 critical infrastructure sites that are directly connected to the internet.

  • Banks
  • Financial Services
  • Education
  • Food & Agriculture
  • IT
  • Communications
  • Energy
  • Oil and Gas
  • Nuclear
  • Dams
  • Water
  • Chemical Plants
  • Commercial Facilities


  • Government Agencies
  • Police Stations
  • Defense Industrial Base
  • Transportation
  • Trains
  • Automobiles
  • Healthcare
  • Emergency Services
  • Hospitals
  • Manufacturing
  • Critical Manufacturing
    • SemiConductors
    • Electronics
    • Mass Transit Components

Malware & Scams to Watch

Russian Hacking

At the end of May 2018, officials warned about a Russian hacking campaign that impacts more than 500,000 routers worldwide. The attack spreads a type of malware, known as VPNFilter, which can be used to coordinate the infected devices to create a massive botnet. But it can also directly spy on and manipulate web activity on the compromised routers. These capabilities can be used for diverse purposes, from launching network manipulation or spam campaigns to stealing data and crafting targeted, localized attacks.

Password Stealing Malware

The Department of Homeland Security and the FBI said that North Korean hackers, code-name ‘Hidden Cobra’, have been using both Joanap, a remote access tool (RAT), and Brambul, a Server Message Blockworm, since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors.

eMail Phishing Scam

How to identify an email phishing scam.

“Special Ear”

A sophisticated hacking group is sending phishing emails to people all over the world. The emails contain malicious links that will infect the victim’s gadget with trojan malware. Believed to be from China. If infected with this malware, the attackers are able to steal victims’ credentials by logging keystrokes from their device. It can also give attackers remote access to compromised gadgets.

What is Your Counter Attack for eMail Phishing Scams?

Here’s a few ways to counter attack these scum bag scam artists.

  • Do not follow web links in unsolicited email messages.
  • Set up two-factor authentication
  • Use unique passwords for multiple sites
  • Use strong anti-virus software on all devices
  • Backup your critical files.


Frequently Asked Questions


Once you’ve selected the plan that’s right for you, a message is sent to Maintenance Crew of Hit-the-Web Marketing.

Within 24 hours you will receive a welcoming call. At this time, we will ask for your website login so we can go in, set up the maintenance features we offer in the plan. Each month we automatically go in and perform maintenance for you.

You can set back, rest assured that your website is backed up, WordPress version is up-to-date, the firewall is keeping out hackers and viruses, and the plugins are updated and checked on to ensure they are functioning properly.


This is a low-cost insurance that your website investment is protected.


No. There are no setup costs. There are no cancellation fees. And the door is always open if you leave and decide to come back to the plan.


If you decide to decline our maintenance plan, there’s a lot that can go wrong. Here are the top reasons I recommend you make sure your website is maintained:

  • The site will not be optimized which leads to poor performance, slow loading times and a gradual loss of Google SEO rankings.
  • The site’s tools, plugins, themes and WordPress itself will quickly go out of date which is the #1 leading cause of website hacks. It’s incredibly important to keep ALL your website tools and plugins up-to-date.
  • You’ll have no backups or restore points so if the site gets hacked or breached, you could lose all your content, pages and Google ranking.
  • You won’t get a monthly report overviewing your site traffic, page views, etc.
  • Most importantly, you won’t have us as your trusted webmaster to assist you with quick updates, tweaks, website issues. Often you’ll have to try getting a hold of your hosting company for any assistance.

Sorry, no ghost rider. The retainer of hourly updates is just covered for that month.


If your site gets compromised while you’re on the plan – we’ll take care of cleaning the site and getting everything squared away with Google at no extra cost to you. But have no fear; to date – we’ve had ZERO hacks or breaches with any sites on our maintenance plan.


We’ll always try to get your updates done within 1 hour to save you some extra cost but if you have a decent amount of updates that will require more hours, we’ll give you an estimate of time and do that at our hourly rate.


We can take care of getting the site cleaned for an initial cleanup fee of $250 then we can immediately get your site on our monthly plan to make sure it remains clean and protected from hacks.


We’re pretty darn quick around these parts. We try to get to updates within 24-48hrs. As a monthly client, you always get top priority compared to clients who aren’t on the plan.


Making software updates is best left to a person with a WordPress technical background. Updating the software we have run into problems where the software may not update properly or completely. We have had to recreate the website from backup. Are you experienced at this type of technical process?

Additionally, we get daily notifications from our sources letting us know if WordPress, a theme or a plugin has become vulnerable to attack. We know when and how to eliminate and replace vulnerable files.  

Hit-the-Web Marketing has had one customer hire us to build a website and 2 years later hired us again to build another website. The hosting company found the website to have been hacked and removed the entire site; all the files, all the images, all the pages. This can get expensive.

Protect Your Investment 



Join the Hit-The-Web Marketing Social Community

ecommerce marketing services boston

What Are You Waiting For?

Dig Your Heals in and Sell Online!

Check Out Our eCommerce Case Study. See how your business can soar!

Free 1 Hour Consultation

You have Successfully Subscribed!

Register even if you can't make it.


You have successfully registered!