Tools and Features

Our core plan is the manual WordPress/CraftCMS core and plugin updates. Our staff applies every update to your site manually, ensuring your site works the same way as it did before the update and only after a full site back up is performed, "just in case".

Our uptime monitoring tools check your website 24/7 and alert us in case the website becomes unavailable or has a critical error. If such an error or issue is detected, our team is notified immediately so we can react.

As part of our maintenance packages, we set up automatic nightly backups of your site (files and database) to our Microsoft Azure storage account. In addition, and as an extra precaution, our staff manually backs up your website before applying any new updates.

Our automatic tools monitor your site's SSL certificate and notify us when the certificate is close to the renewal date so we could renew the certificate for you or alert you about its expiry date. No SSL on your website? We can help with that as well.

You will receive weekly updates report, clearly indicating which plugins and core updates were applied on your website(s).

We have developed an easy-to-use dashboard for our clients, where they can review the current state of their website, all their plugins, themes, core version, uptime statistics, SSL expiry dates as well as option to request additional plans through the same dashboard.

Our Malware Guarantee is your peace of mind insurance that while your site is under our maintenance you are fully covered in terms of malware/hacking.

We monitor your site and apply updates as they become available. If an update is an important security patch - it is our goal to apply the update in the shortest possible time.

If, however, your site gets infected with malware before we apply the important security update - we guarantee that we will remove it asap without any extra charges.

We will do a full system cleanup in case of malware and other malicious activity on websites signed up for our maintenance plans.

As part of this maintenance plan, we include a security optimization plan that comes with premium security plugins (WP) and proper server settings tweaking (WP, CraftCMS) to make sure that your website is properly configured from a security perspective, and as per the best practices.

Whether you have a website built with a custom theme, or custom plugins, or e-commerce - updates can be tricky and will require extra time and attention. With this package, our team ensures updates on such sites are applied properly, and thoroughly tested with extra time dedicated to the checkout flows or to the custom plugin functionality testing.

Having a website or an e-commerce site with complex custom functionality requires thorough testing after updates to the plugins and core are performed. Our team knows your website inside out and always pays extra attention to the custom functionality on your site.

If your website is not defended,
say YES to

Lost leads
Lost search engine positions
Damaged reputation
Users’ frustration
Lost trust
Loss of revenue
Costly recovery
  • Lost leads
  • Malware
  • Lost search engine positions
  • Damaged reputation
  • Users’ frustration
  • Lost trust
  • Loss of revenue
  • Costly recovery

If Bastion defends your website,
say YES to

online inquiries
happy users
credibility and trust
clean code
website orders
secure website
good search engine ratings
peace of mind
  • online inquiries
  • happy users
  • credibility and trust
  • clean code
  • website orders
  • secure website
  • good search engine ratings
  • peace of mind
Without Us
With Us

Check the status of your website

Alternative plans for simpler websites and requirements



An expert security team will cover your WordPress or Craft CMS websites and users' data.

defence Plan

An expert security team will cover your WordPress or Craft CMS websites and users' data.

What owners of saved
and protected
websites say

We asked Bastion to perform a comprehensive security audit for our website to ensure we didn’t have any security gaps and hidden vulnerabilities. We glad we did it. There are so many things happening behind the scenes we were not aware of. Their report and provided recommendations helped to rethink our approach on how to maintain our website and how to leverage their services. We were more We were more than content with their service and outcome.
Natasha F.
Our website got hacked a few times before we realized that we need to do something about it. While there are so many companies out there, it was difficult to find someone who is knowledgeable, reliable and offering fast and flexible service. We came across Bastion services on Google and gave it a try. We provided a site information they needed to assess the state of our online presence and after our first consultation, we learned so much about what can cause hacks, security gaps that have been overlooked and options to protect our website. Their level of competence is great. We have been on their maintenance plan for a few months and it is been like day and night. It is so important to have someone to monitor your website all the time, run all necessary updates and little fixes. We highly recommend to sign up for their services.
Kevin V.
We have been trying to fix things by using automated tools and antiviruses and it kind of worked for a while. As our website evolved with new features and functionalities, it became obvious that it was not enough. The issues came back again and again, costs were increasing, the source of problem was unknown. We found Bastion at the right time. They helped us fix all hidden security holes as a start and suggested a very comprehensive and flexible maintenance plan to address our operational needs. Finally, we could focus more on business matters that constantly running reactively fixing things. Their customer service level is exemplary.
Aaron R.

Calculate the outage cost of your website for your business

calculate downtime cost

Current Downtime:



recovery cost

Timespan Lost Revenue Lost Productivity Total Lost
Every Week
Every Day
Every Hour
Every Minute
Protect for just $8.46 / day to save / day*
*potential losses in case of an issue

Key Steps

Key steps we take to secure your website

Our maintenance is your website's insurance against malware
Mask group

Step 1

Once you sign up, an account manager will be in touch to get access to your website and to set up backups & monitoring agent.
Mask group 1

Step 2

We assign one of the developers to analyze your website's current state, scan for malware, apply any available updates to core and plugins.
Mask group 2

Step 3

Our system starts monitoring your website uptime and available updates. We manually apply each update, carefully backing up your site before each update (as well as nightly ones to the cloud). You are able to see your website's health through "Citadel", the dashboard with all your websites , and their stats, as well as daily reports in case updates were applied to your website.

Do you have question? We have answers!

Frequently Asked Questions

How do I know if my website is hacked?

Usually, it looks like your site is either broken or has clearly been hijacked by someone else. Website may perform some unwanted actions including showing malicious verbiage on your website, sending spam, malvertising, malicious downloads, falling traffic, etc.The most noticeable sign of a hack is when you either receive a warning about it in your browser or notice something obviously wrong with your site like spam ads on your site or search results or noticeable defacement to the site. Another red flag is when your website tries to download something onto visitors? computers when it?s not supposed to.All these symptoms indicate that your website is either broken or has been hijacked by someone else.

In addition, there are a handful of other signs that indicate a hacker may have invaded your website. The biggest one is when you start noticing odd browser activity including spam adds, unwanted downloads, strange unrelated warnings and verbiage showing on your screen. Here are some examples of warnings that can signal about potential website hacks.

  • Google: "This site may harm your computer" or "This site may be hacked"
  • Chrome: "Warning: Something's Not Right Here"
  • Internet Explorer: "This website has been reported as unsafe"
  • Safari: "Warning: Visiting this site may harm your computer"

Try searching up your site on google and accessing it through the search results - if instead of your site you are redirected to 3rd party site, this means that your site has malicious code. This is just one of the ways how site can be hijacked. In other cases, we've seen 3rd party links injected into the site template, unnoticeable to the site owner or visitors.

My website has been hacked. What should I do first?

Having your website hacked is a very stressful time. When a website hack happens, it makes a website owner feel unsafe and troubled. The danger of hacking will strictly depend on the type of hack. The hacks can vary from simple unwanted actions such as malicious verbiage or temporary losing control over your website to something more severe that can threaten the whole integrity of your online presence. In any case, if this unfortunate event happens, you need to follow some basic steps:


It is important to recognize the problem quickly and address it. While panicking is not the best approach, be aware that the longer the hack is prolonged the more potential harm it can cause.


Start collecting as much information as you can about what and when it happened. In addition, ensure you know your server login information. This all will be necessary information as part of the process of repairing the hack. Don't waste your time looking for people to blame. It will only hold you back from solving the problem.

Don't rely on easy fix

Be aware that site restore from a backup or automatic cleaning are necessary steps that are part of the process, but they don't solve the root of the problem behind the hack. Don't underestimate the problem if you don't want to be hacked again.

How quickly can you fix the hack?

The quick answer is "it depends". It can be fixed within a couple of hours or it can take up to two days. If we deal with experienced hackers, it might take even longer to find out how they attempted to crack the code, block them and back online your website.

How do I know if my problem can be fixed?

Most website hacks can be fixed and it doesn't matter whether your website is built on WordPress, Joomla, Magento, or any other CMS system. The only problem that can?t be fixed is when the hack caused irreversible damage such as website complete destruction. In this case, you can only rely on retrieving all you can from backups.

How much does it cost to bring my site online?

When it comes to the cost of being hacked, it really depends on the hack, but it's always high. The repair can be as simple as finding and removing a file or code added by the hacker. But, if hackers ruined everything on your account, including your site, content, and graphics or they infected the server/host with malware, then it means you have to replace everything, and it can be a much more complicated case. Get in touch with us today, so we could evaluate your situation and provide an estimate on the recovery.

If my site gets hacked, will it affect my search engine rankings?

Search engines do understand that getting hacked is not necessarily your fault, but they also have to protect the people they would otherwise send to your site. Google and other search engines can detect if your website has been hacked and in order to protect users, they will flag it to them. While it is not your fault, you need to act quickly to save your ranking and to ensure your website is not removed or blacklisted. Unfortunately, when the website is down, your ranking drops too. So if you don't address the problem quickly, it may impact your rankings.

What are key reasons why websites are being hacked?

The common reasons why your website can be the target of a hack include:

  • Outdated version of your CMS (WordPress, Drupal, Joomla, etc)
  • Old or unsupported themes and plugins. They should be updated, and the ones that are not maintained by the developer should be removed.
  • Poor customization is done by a freelancer programmer with questionable experience
  • Badly written custom code

Most CMS are customizable, which means that you can build your own site, and your own theme and add as many functionalities as you need by setting up third-party plugins. This also increases the attack surface of the CMS, as each plugin may have its own vulnerabilities and can cause side effects during the installation process.

Running updates and patching vulnerabilities should be done on a regular basis to ensure your website is not at risk. If you need help to run updates safely, our maintenance plan provides ongoing security support to keep your website up-to-date and fully performing.

If you're afraid to run updates because it can break things or you don't know what to do, our website maintenance plan is exactly what you need.

What if I get hacked again after the repair being done?

During the repair process there is a risk to be hacked. But once we detect the cause of the hack and block it, you are secured from further attacks. Also, to prevent attacks, we monitor and address any small issues ahead of time, so you can be worry-free about the security piece of your website.

Can I just restore my site from the backup?

You can, however, restoring your site from a backup will make the problem go away only temporarily. But if you don't determine how the hackers broke in and block them from getting in that way, you will typically just get hacked again within the day or two after you restore your site from backup. If your website got hacked once, it means your website is vulnerable and you will not remove this vulnerability by just restoring it.

Restoring from backup is a short term solution to quickly fix the defacement to avoid reputation damage, while you work on a proper fix.

I found automated tools to clean my site from hack. How are you different?

While there are many automated services that can identify and repair the hacked website, the key problem "the cause of the hack" doesn't go away. It means that your website remains vulnerable and hackers can attack your site again. At Bastion, we treat the problem from all angles and ensure your website is repaired and protected from potential attacks. Here is what we do:

  • Provide initial clean-up and malware removal
  • Detect the root problem that caused the hack so we can block the hackers from getting back
  • Protect further the website to ensure there are no security gaps

Furthermore, the majority of the hacks are automated - which means it's just a matter of hours before the automated hacking tool will retry the same exploit which was found previously on your site.

What we provide differs as we not only clean up the initial damage and fine-tune the security of your site, but also determine the cause of the hack so we can make sure that the hack from the same issue won't repeat. Especially if you are running ongoing SEO or marketing campaigns, it is crucial to make sure you don't keep getting hacked over again.

What is your "Malware Insurance Guarantee" feature?

Malware Insurance Guarantee is your peace of mind insurance that while your site is under our maintenance you are fully covered in terms of malware/hacking.

We monitor your site and apply updates as they become available. If an update is an important security patch - it is our goal to apply the update in shortest possible time.

If, however, your site gets infected with malware before we apply the important security update - we guarantee that we will remove it asap without any extra charges.

How do you apply the updates?

Our system monitors your sites and as soon as update to the core or plugin becomes available - we know it and start preparing to apply the update. Our team determines how crucial are the changes in that update, whether it's a security update which has to be applied right away, or minor bug fixing for a website plugin.

A full site backup is then performed (files and database) before we actually start the update process, to ensure we can easily roll back, in case something goes wrong.

Our system will send you an email with all updates performed at the end of the day.

I have commercial plugins installed on my site, how do you update those?

You must possess the required licenses for any commercial themes and plugins on your site. In order to update those for you, we will contact you to obtain the licenses for those commercial plugins, if an UPDATE requires the license key.

What if a plugin update breaks my site?

First of all, we read the changes (changelog) of every plugin/core release before applying them to your site. Following an update, we validate that your website still operates properly. In case of problem, we restore the previous backup which we did right before running an update for your site.

We then look into the problem and if it can be fixed within an hour - we will do that without any extra charges. If we see that it cannot be fixed within an hour - we inform you of that and provide a quote for fixes.

Is it possible to update my site off-peak hours, based on my timezone?

Sure thing! All you need to do is specify a 4-6 hour window when our team can perform the updates on your website(s) to our support team from within your account.

Does your plan cover WordPress Multisite instances?

If your WordPress installation is a Multisite instance, you'll need a custom plan. Please contact us to get pricing for your particular case.

What can I do to prevent hacks?

Once we detect the source of the hack, we can block it and protect you from hacks. As technology evolves very fast, other security gaps can emerge, so it's crucial to keep an eye on the security of your website all the time. At Bastion, we offer ongoing maintenance service to to ensure that your website is up and running 24/7 and let you focus on other business matters.

Does your system offers dashboard for customers?

Yes! We've created a platform called "Citadel" for our customers to view real-time health of their websites.

In Citadel, you can see your website(s) health, all available updates, plugins & themes, the current status of our maintenance, SSL information, backups status, uptime stats & you can also purchase additional services from there including SSL certificates, dead link checking, penetrations tests, ad-hoc website updates.

What kind of customer support do you offer?

You can contact us through your account - support section or by email.

You can expect a prompt response from 9:00 AM to 6:00 PM (EST) Monday through Friday. After office hours and during the weekend / holidays, we offer limited support.

We always monitor our support channels and ensure that emergency cases are dealt with regardless of the regular support schedule.

This does not apply to the update-windows. We maintain your website updates regardless of the regular support schedule on 24/7 basis.

What are your usual response time and resolution time?

In general, we reply to any request we receive from our clients within 2-8 hours.  The resolution time really depends on the request received and whether we got all the information required to process the request. Usually, requests are resolved within 24-48 hours.

Can you build a website from scratch for me?

Absolutely! Our primary service is custom web development and design and you can review our portfolio here. We've been building websites and web applications of various complexity for our clients around the globe for more than 8 years now. If you have a project or custom development in mind - get in touch with us to discuss it.

Do you offer custom development?

Yes, we do. We've been doing custom development, various integrations, and projects of various complexity for the past 8 years and have a multi-disciplined, talented team that is ready to take on new challenges. We will be happy to discuss your project in detail - just get in touch with us.

What's your availability for addressing emergency issues?

Our team is distributed, and we work from around the globe! Our head office and core-team is located in Toronto, Canada, while some of our employees are international and work remotely. 

Rest assured, our monitoring tools keep an eye on your website 24/7 and if something happens - it alerts our team immediately. Having a distributed team allows us to immediately react to such events at whatever time of day or night this happens.

Are major core version updates included in the monthly service for CraftCMS?

If your website’s code and all the plugins are 100% compatible, we will perform the upgrade to the next major version (e.g. CraftCMS v3.x -> v4.x). However, if you have custom plugins or a major version upgrade fails - we would have to revert the site to the backup created right before the update and then evaluate the required changes. Once that’s done, we will present you with the quote for a major version upgrade.