Web security and maintenance package

What is it?

Your site is built on a Content Management System (CMS) called WordPress.

Like other software, WordPress and the many plugins that provide your website with its functionality are regularly updated with security patches.

If you don’t keep your site up to date, you risk being hacked.

To protect against hacking, iCreate provides an optional Maintenance and Security Package, where we routinely visit and apply and test WordPress and plugin updates in a controlled manner.

This is highly recommended, especially for websites that are important to your business.

What is included?

  • Initial: Setting up comprehensive rolling backups.
  • Initial: Tailored security hardening of your WordPress Install.
  • Quarterly: iCreate will visit your site once a quarter. We’ll make a copy of your site and run all software updates on this. We’ll check for problems using image regression testing and manual page sampling and fix any update issues we discover. Afterwards, we apply updates and any fixes to the live site.
  • If hacked: In the unlikely event, your site is still hacked despite these precautions. We’ll investigate and resolve the problem for no charge.


Yes absolutely. Simply log on to WordPress and click on the update button. It will show you all the updates available across WordPress Core and plugins.

The difference when engaging icreate to do this for you are:

> We’ll do this on a staging environment and check for issues before applying to the live site.
> We use both automated image snapshot checks and manual sampling of pages and functionality when testing.

iCreate subscribes to multiple WordPress security blogs. If we become aware of a critical security vulnerability that affects your site, we’ll patch that particular vulnerability between our scheduled visits.

Why is this necessary? Unfortunately, many annoying hackers out there (who should get haircuts and real jobs) are constantly looking for exploits and vulnerabilities in widely used web software – including WordPress. Once an exploit is discovered, they create ‘bots’ that automatically crawl the internet searching for sites they can exploit; often, the attack is also automatic. A compromised website may redirect traffic elsewhere, show fraudulent pages, attempt to install malware on visitors’ computers, send spam or perform many other undesired actions. It’s an unfortunate reality and one we have to deal with.

The quarterly cost varies depending on the size and complexity of the website. This usually is 1-1.5 hours per quarter for smaller sites at our standard rate.


Large, complex or eCommerce sites may require 2-4 hours for more thorough and detailed testing.