Cuberis-logo
Search
Main Menu
Maintenance & Security — Now Available

Your website is under more pressure than ever.

The web has changed. A flood of AI crawlers, automated bots, and relentless brute-force attacks are hammering websites every day — slowing servers, driving up costs, and probing for a way in. Your current plan keeps WordPress updated. These new plans make your site genuinely hard to break.

Compare the Plans See What's Included

Why we built these plans

You're already on our maintenance plan, so your plugins and WordPress core stay current. But "up to date" is no longer the same as "protected." Here's what changed.

🤖

An explosion of bots & AI crawlers

Automated traffic now makes up a huge share of all web requests. They scrape your content, strain your server, and slow your site down for real visitors.

🔒

Constant brute-force attacks

Bots try thousands of username and password combinations against WordPress login pages around the clock, hunting for one weak account.

⚠️

Plugin vulnerabilities & hacks

Outdated or flawed plugins are the #1 way WordPress sites get compromised — and new vulnerabilities are discovered every single week.

Choose your level of protection

Compare your options

Skim the table for the big picture — then scroll down to explore exactly what every line means, in plain English.

Current $100/mo Your plan today Recommended Basic $200/mo +$100/mo upgrade Pro $350/mo +$250/mo upgrade
Plugin & WordPress updatesHow often we patch your site Monthly Weekly Weekly
WordPress hardeningClosing off unused entry points
Server & file protectionStopping malicious code from running
Login protection & MFALocking down the front door
Cloudflare CDN & bot filteringFaster site, fewer bad bots
Activity & change monitoringAlerts when something changes
Monthly security review & reportA real person checks in
Advanced bot & AI-crawler defenseCloudflare Pro & Super Bot Fight Mode
Advanced firewall (WAF) & rate limitingCustom rules tuned to your site
Patchstack virtual patchingProtection before fixes are released
Security operations & threat huntingWe actively hunt for attacks
AI-assisted security analysisTurning attack data into action
Quarterly verification checklistBackups & recovery tested
One-time setup feeInitial hardening & configuration $450 $600
Monthly price $100 $200 $350

All prices are per site. The monthly plan replaces your current $100/mo maintenance plan; the setup fee is a one-time charge to harden and configure your site.

In plain English

Exactly what's included

Click any category to expand it. Hover or tap the icon next to any item to learn why it matters — no tech background required.

Basic Plan

$200/mo · per site
  • Plugins updated weekly Plugins are the most common way WordPress sites get hacked, and fixes are released constantly. Updating weekly means you're patched within days of a vulnerability being discovered — not weeks later.
  • WordPress core kept current
  • Updates tested so your site keeps working
  • Disable XML-RPC completely XML-RPC is an old WordPress feature hackers love to abuse for rapid password-guessing and for overloading your server. Almost no modern site needs it, so we turn it off.
  • Disable pingbacks & trackbacks These were meant to notify you when another site links to you, but attackers exploit them to flood sites with traffic. Turning them off removes that risk.
  • Disable comments when unused If your site doesn't use comments, leaving them on is just an open door for spam and malicious links. We disable them when they're not needed.
  • Remove emoji & embed scripts WordPress loads extra emoji and auto-embed code on every page. Removing the parts you don't need makes pages load faster and gives attackers fewer scripts to target.
  • Close unused REST API endpoints The REST API is a doorway apps use to talk to your site. We close the doorways you don't use so bots can't pull data like your list of usernames.
  • Hide your WordPress version By default WordPress advertises which version it runs, which tells hackers exactly which known weaknesses to try. We hide it.
  • Security headers review Security headers are instructions your site sends to visitors' browsers to block common attacks like clickjacking and code injection. We review and set them correctly.
  • Block code execution in upload & cache folders Your "uploads" folder is for images and files — never for code. If a hacker manages to sneak a malicious script in there, this stops it from ever running.
  • Disable file editing from the dashboard WordPress lets admins edit live site code right from the dashboard. If an account is ever hacked, that's a fast way to plant malware — so we turn it off.
  • Verify correct file permissions File permissions control who is allowed to read or change each file. We make sure they're set tightly so attackers can't overwrite your site.
  • Multi-factor authentication (MFA) for admins MFA means a password alone isn't enough — a second one-time code is also required to log in. This blocks the vast majority of account takeovers.
  • Smart bot checkpoint on your login page We place a Cloudflare "Managed Challenge" in front of your login and admin pages. It quietly lets real people through but stops automated bots from hammering them.
  • Optional country restrictions If your business only serves certain countries, we can block login attempts from everywhere else — cutting off a huge share of attacks at the source.
  • Cloudflare CDN enabled Cloudflare's global network sits in front of your site, making it load faster everywhere and absorbing attacks before they ever reach your server.
  • Basic bot protection Automatically detects and blocks known bad bots before they can scan or attack your site.
  • Browser integrity check Inspects each visitor to confirm they're using a real web browser and not a malicious script in disguise.
  • Security level tuning We dial Cloudflare's sensitivity to the right level for your site — strict enough to stop threats, relaxed enough not to bother real visitors.
  • Monthly review of suspicious traffic
  • Full activity log A detailed record of everything that happens in your admin area — so if something ever goes wrong, we can see exactly what, when, and who.
  • New admin account alerts If a new administrator account is suddenly created, we're alerted instantly — one of the clearest signs of a break-in.
  • User role / permission change alerts If someone's permissions are suddenly elevated, we catch it — attackers often do this to seize control of a site.
  • Plugin activation / deactivation alerts We're notified if plugins are turned on or off unexpectedly, which can be a sign of tampering.
  • Monthly human security review
  • Initial hardening report A clear summary of everything we locked down when we first set up your plan.
  • Monthly review report A plain-English monthly recap of your site's security and exactly what we did that month.
  • Ongoing security recommendations

Pro Plan

$350/mo · per site

Everything in the Basic plan, plus a fully managed, actively-monitored layer of advanced security:

  • Super Bot Fight Mode Cloudflare's most aggressive bot-blocking tier — it identifies and stops sophisticated bots that slip past basic filtering.
  • Advanced bot fingerprinting Identifies bots by their behavior and technical "fingerprint," catching ones that disguise themselves as real visitors.
  • Better scraping detection Detects and blocks bots that try to copy your content or harvest your data in bulk.
  • AI crawler identification Identifies AI bots — the ones scraping the web to train models — so we can control whether they're allowed to hit your site at all.
  • Geo-challenge on sensitive admin pages We put a security checkpoint on your most sensitive pages (login, admin, XML-RPC) for visitors from countries you don't do business with — where most attacks originate.
  • Protection against common WordPress attacks Blocks the most common automated attacks at once: probing your data feed, harvesting usernames (author enumeration), and rapid-fire password guessing (login spraying & credential stuffing).
  • Rate limiting on key pages We cap how many times anyone can hit your sensitive pages per minute, so attackers can't flood them with thousands of attempts.

Example rule: the login helper (admin-ajax.php) is limited to 5 requests per minute, with a challenge after that.

  • Virtual patching When a plugin has a newly found flaw, Patchstack shields it instantly at the firewall level — even before the plugin maker releases a fix.
  • Zero-day protection "Zero-day" means a brand-new vulnerability that's just been discovered and doesn't yet have an official fix. This guards you during that dangerous window.
  • Live vulnerability intelligence A constantly-updated feed of known WordPress threats, so your site is defended against the very latest ones.
  • Plugin exploit blocking Actively stops attackers from exploiting weaknesses in the plugins your site relies on.
  • Protected before developers ship a fix The key benefit: you're covered in the gap between when a flaw is discovered and when the official patch is finally released — which can be days or weeks.
  • Traffic analysis: top attacking IPs, bot traffic & country breakdown We identify the specific sources hammering your site the hardest, measure how much traffic is bots vs. real people, and see where attacks come from geographically — then adjust your defenses.
  • Tracking of scans, probes & brute-force attempts Attackers probe for files that don't exist (404 scans) and test for weak spots before striking. We watch for this scanning and password-guessing behavior and shut it down.
  • Active threat hunting Rather than waiting for an alarm, we go looking for early warning signs — unusual URLs, username harvesting, login attacks, crawler spikes — and stop them before they escalate.
  • Cloudflare analytics pulled & summarized We gather the raw security data from Cloudflare and use AI to turn it into a clear, readable summary of attack patterns against your site.
  • New scanners & attack patterns identified Spots new attacking tools, bots, and patterns as they emerge — so your defenses keep pace with the threats.
  • Firewall rule suggestions, reviewed by us AI proposes new protective rules based on what it sees; our team reviews and applies the ones that make sense for your site.
  • Unusual behavior flagged
  • Admin users audited We review every administrator account to make sure only the right people still have the keys.
  • Plugins audited & unused ones removed Every plugin is a potential entry point. We check them all and remove any you're not actually using.
  • Inactive themes removed Just like plugins, unused themes are dead weight and a security risk, so we delete them.
  • MFA verified on all admin accounts
  • Backups verified & recovery tested We confirm your backups are actually running and complete — then we test that we can truly restore your site from one, before you ever need it.

Ready to make your site harder to break?

Upgrading is simple — there's nothing for you to install or manage. Just reply to your account manager, or reach out below, and we'll handle the rest. Most sites are fully hardened within a few business days.

Talk to Us About Upgrading
Subscribe to:
INSIGHT: On Art & History Websites
INSIGHTS Subscriber (2)
[zoomable id=16930 width="600" height="800"]