[ad_1]
Hi, newbie here. It’s quite time consuming to monitor changes, update plugins, look for new vulnerabilities, implementing 2FA, discovering sim swapping makes it not that efficient and all on several wp sites… Could a strategy be to have some simple script to restore backups and databases whenever some simple monitoring tool signals a potential problem on a site? Any known tool to follow this path?
[ad_2]
ManageWP
A good backup strategy is best, but I wouldn’t set up a system to automatically restore a site simply because a scanning tool discovered a file that was altered outside the normal WordPress update process.
Plugins and Themes can trigger that kind of false flag, and you’d essentially have your site being restored constantly.
We rely on MainWP for streamlined updates management. Additionally, we employ a combination of security tools, such as Virusdie and MalCare, to ensure comprehensive protection for our websites. This includes not only identifying vulnerabilities but also implementing three separate automatic backup systems: the All in One WP Migration plugin, BlogVault SaaS, and SiteGround hosting’s backup.
It is a full time job and you need someone to always be monitoring and making changes. WordPress is not build it and forget it.
You need to alway be monitoring, also what do you mean by Monitoring tool ? What tool are you taking about ?
I’m a freelance developer and run a small hosting company in the side (around 100 sites). For all my clients I use Cloudflare + Wordfence + ManageWP. I setup CF WAF rules to block countries that are the typical bot sources (which you can identify via Wordfence Tools page). The above combo means my client sites get virtually zero bot malware/login attempts. I run plugin updates almost everyday day via ManageWP – takes about 1min to do 100 sites.
> *discovering sim swapping*
Sim swapping attacks are extremely unlikely. 2FA annoys almost everyone. Wordfence will, by default, enforce strong passwords and prevent admins from using known compromised passwords, eliminating the need for 2FA. Tell your clients how to use password managers. If they can remember their password it’s not secure. That said, attacks via logging in are extremely rare – over 96% of WP attacks are caused by plugin vulnerabilities, generally because they weren’t updated in a timely manner.
“Restoring from backup” is not a fix or a valid strategy – it’s a “last resort” option. Learn how to secure sites properly. It’s rare that you’d ever need to restore a backup (I don’t think I’ve done it in 10+ years), and it should be avoided as you are essentially wiping out any changes made since the last backup (very bad for ecommerce sites).