Multi-layer care and defence of your
websites with 20% DISCOUNT (or more)

My website has been hacked. What should I do first?

Having your website hacked is a very stressful time. When a website hack happens, it makes a website owner feel unsafe and troubled. The danger of hacking will strictly depend on the type of hack. The hacks can vary from simple unwanted actions such as malicious verbiage or temporary losing control over your website to something more severe that can threaten the whole integrity of your online presence. In any case, if this unfortunate event happens, you need to follow some basic steps:

React

It is important to recognize the problem quickly and address it. While panicking is not the best approach, be aware that the longer the hack is prolonged the more potential harm it can cause.

Investigate

Start collecting as much information as you can about what and when it happened. In addition, ensure you know your server login information. This all will be necessary information as part of the process of repairing the hack. Don't waste your time looking for people to blame. It will only hold you back from solving the problem.

Don't rely on easy fix

Be aware that site restore from a backup or automatic cleaning are necessary steps that are part of the process, but they don't solve the root of the problem behind the hack. Don't underestimate the problem if you don't want to be hacked again.

How quickly can you fix the hack?

The quick answer is "it depends". It can be fixed within a couple of hours or it can take up to two days. If we deal with experienced hackers, it might take even longer to find out how they attempted to crack the code, block them and back online your website.

How do I know if my problem can be fixed?

Most website hacks can be fixed and it doesn't matter whether your website is built on WordPress, Joomla, Magento, or any other CMS system. The only problem that can?t be fixed is when the hack caused irreversible damage such as website complete destruction. In this case, you can only rely on retrieving all you can from backups.

How much does it cost to bring my site online?

When it comes to the cost of being hacked, it really depends on the hack, but it's always high. The repair can be as simple as finding and removing a file or code added by the hacker. But, if hackers ruined everything on your account, including your site, content, and graphics or they infected the server/host with malware, then it means you have to replace everything, and it can be a much more complicated case. Get in touch with us today, so we could evaluate your situation and provide an estimate on the recovery.

If my site gets hacked, will it affect my search engine rankings?

Search engines do understand that getting hacked is not necessarily your fault, but they also have to protect the people they would otherwise send to your site. Google and other search engines can detect if your website has been hacked and in order to protect users, they will flag it to them. While it is not your fault, you need to act quickly to save your ranking and to ensure your website is not removed or blacklisted. Unfortunately, when the website is down, your ranking drops too. So if you don't address the problem quickly, it may impact your rankings.

What are key reasons why websites are being hacked?

The common reasons why your website can be the target of a hack include:

• Outdated version of your CMS (WordPress, Drupal, Joomla, etc)
• Old or unsupported themes and plugins. They should be updated, and the ones that are not maintained by the developer should be removed.
• Poor customization is done by a freelancer programmer with questionable experience
• Badly written custom code

Most CMS are customizable, which means that you can build your own site, and your own theme and add as many functionalities as you need by setting up third-party plugins. This also increases the attack surface of the CMS, as each plugin may have its own vulnerabilities and can cause side effects during the installation process.

Running updates and patching vulnerabilities should be done on a regular basis to ensure your website is not at risk. If you need help to run updates safely, our maintenance plan provides ongoing security support to keep your website up-to-date and fully performing.

If you're afraid to run updates because it can break things or you don't know what to do, our website maintenance plan is exactly what you need.

What if I get hacked again after the repair being done?

During the repair process there is a risk to be hacked. But once we detect the cause of the hack and block it, you are secured from further attacks. Also, to prevent attacks, we monitor and address any small issues ahead of time, so you can be worry-free about the security piece of your website.

Can I just restore my site from the backup?

You can, however, restoring your site from a backup will make the problem go away only temporarily. But if you don't determine how the hackers broke in and block them from getting in that way, you will typically just get hacked again within the day or two after you restore your site from backup. If your website got hacked once, it means your website is vulnerable and you will not remove this vulnerability by just restoring it.

Restoring from backup is a short term solution to quickly fix the defacement to avoid reputation damage, while you work on a proper fix.

I found automated tools to clean my site from hack. How are you different?

While there are many automated services that can identify and repair the hacked website, the key problem "the cause of the hack" doesn't go away. It means that your website remains vulnerable and hackers can attack your site again. At Bastion, we treat the problem from all angles and ensure your website is repaired and protected from potential attacks. Here is what we do:

• Provide initial clean-up and malware removal
• Detect the root problem that caused the hack so we can block the hackers from getting back
• Protect further the website to ensure there are no security gaps

Furthermore, the majority of the hacks are automated - which means it's just a matter of hours before the automated hacking tool will retry the same exploit which was found previously on your site.

What we provide differs as we not only clean up the initial damage and fine-tune the security of your site, but also determine the cause of the hack so we can make sure that the hack from the same issue won't repeat. Especially if you are running ongoing SEO or marketing campaigns, it is crucial to make sure you don't keep getting hacked over again.

What is your "Malware Insurance Guarantee" feature?

Malware Insurance Guarantee is your peace of mind insurance that while your site is under our maintenance you are fully covered in terms of malware/hacking.

We monitor your site and apply updates as they become available. If an update is an important security patch - it is our goal to apply the update in shortest possible time.

If, however, your site gets infected with malware before we apply the important security update - we guarantee that we will remove it asap without any extra charges.

How do you apply the updates?

Our system monitors your sites and as soon as update to the core or plugin becomes available - we know it and start preparing to apply the update. Our team determines how crucial are the changes in that update, whether it's a security update which has to be applied right away, or minor bug fixing for a website plugin.

A full site backup is then performed (files and database) before we actually start the update process, to ensure we can easily roll back, in case something goes wrong.

Our system will send you an email with all updates performed at the end of the day.

I have commercial plugins installed on my site, how do you update those?

You must possess the required licenses for any commercial themes and plugins on your site. In order to update those for you, we will contact you to obtain the licenses for those commercial plugins, if an UPDATE requires the license key.

What if a plugin update breaks my site?

First of all, we read the changes (changelog) of every plugin/core release before applying them to your site. Following an update, we validate that your website still operates properly. In case of problem, we restore the previous backup which we did right before running an update for your site.

We then look into the problem and if it can be fixed within an hour - we will do that without any extra charges. If we see that it cannot be fixed within an hour - we inform you of that and provide a quote for fixes.

Is it possible to update my site off-peak hours, based on my timezone?

Sure thing! All you need to do is specify a 4-6 hour window when our team can perform the updates on your website(s) to our support team from within your account.

Does your plan cover WordPress Multisite instances?

If your WordPress installation is a Multisite instance, you'll need a custom plan. Please contact us to get pricing for your particular case.

What can I do to prevent hacks?

Once we detect the source of the hack, we can block it and protect you from hacks. As technology evolves very fast, other security gaps can emerge, so it's crucial to keep an eye on the security of your website all the time. At Bastion, we offer ongoing maintenance service to to ensure that your website is up and running 24/7 and let you focus on other business matters.

Does your system offers dashboard for customers?

Yes! We've created a platform called "Citadel" for our customers to view real-time health of their websites.

In Citadel, you can see your website(s) health, all available updates, plugins & themes, the current status of our maintenance, SSL information, backups status, uptime stats & you can also purchase additional services from there including SSL certificates, dead link checking, penetrations tests, ad-hoc website updates.

What kind of customer support do you offer?

You can contact us through your account - support section or by email.

You can expect a prompt response from 9:00 AM to 6:00 PM (EST) Monday through Friday. After office hours and during the weekend / holidays, we offer limited support.

We always monitor our support channels and ensure that emergency cases are dealt with regardless of the regular support schedule.

This does not apply to the update-windows. We maintain your website updates regardless of the regular support schedule on 24/7 basis.

Why it's important to keep website updated at all times?

Excellent question.

Any platform, whether it is WordPress or CraftCMS, is maintained by it's community/developers. Whenever update is released - it contains bug fixes, new features, improvements and most important - security patches. If a major security flaw was identified in the platform core or some plugin, it is crucial to update your site as soon as patch comes out, to avoid possibility of being hacked or infected with malware. And that's why you have us!

Can you do a security audit for me?

Yes, we do provide such service. You can order it during the checkout process on our site. For more information - please contact us.

Do you provide additional services, aside from website maintenance?

Yes, we do. Currently, you can purchase the following services: Website Maintenance, Emergency Malware Recovery (in case your site is not under our maintenance yet), SSL certificates (installation included).

Aside from these services, we provide full-service web development. We can do custom plugin development, content adjustments, and anything else you need for your website. Please contact us if you need any of these services.

Can you do a website security audit?

Yes, we can. At Bastion, we perform comprehensive security audits for your website, your server, your web application, or any combination of those. If you need help with a security audit, please contact us.

I have my own web design business. Can I resell your services to my clients?

Yes, there is an option to combine our maintenance services with your core services, whether is a design or development. Some clients need to have a company they can refer to their own clients, in case their website is hacked. For more information on reselling our maintenance services, please contact us.

I think my website has been poorly built and is not secure. Can you repair it?

At Bastion, we often deal with a situation when rebuilding a website is the best solution. Unfortunately, there are many so-called "CMS experts" that take advantage of a client by offering inappropriate web solutions, including building plugins that already exist, using raw PHP code to "shell your CMS" for a custom theme, intentionally choosing PHP framework for small websites instead of using a CMS platform, etc. All these methods are needless and make your website more vulnerable and unstable. If you need help rebuilding a website, contact us.

My email has been hacked. How you can help?

If you host an email account and your website on the same server then we can solve your problem. Eventually, the ability to help will depend on your unique email settings.

My social media accounts have been hacked. How can you help?

Fixing hacked social media accounts is out of scope of our services. If it happens, we suggest contacting a social network for their assistance.

How soon will you fix my site?

We understand that your business relies on your website and it's important to have your site up and running in the shortest period of time.

Site recovery time for websites that are not under our ongoing maintenance program must be evaluated first. That evaluation will start as soon as we receive access information from you. We then assess the situation with your particular website and suggest next actions and provide associated costs. Typically, simple hacks can be fixed within 3-5 hours and severe cases can take up to 2-3 days to fix (if you don't have a backup of your site and both site files and database were altered).

Will you install security plugins for me?

We will definitely recommend installing a security plugin if you don't have one, though we will never install any plugins without your knowledge or approval.

The only exception is when you sign up for maintenance plan. In order for our system to monitor your site - we will install a website telemetry gathering plugin which we created for this (with tiny footprint).

What if my site will be hacked again, after you fix it?

Once we analyze and fix your site, we will also provide recommendations on other steps you must take to ensure site does not get compromised again (like changing FTP passwords, in case we didn't have access to your hosting account).

In case your site is hacked again within 30 days after our restoration service - we will fix it again, without any extra charges.

The recommendations we will provide for your site will clearly indicate that you have to maintain your site and install updates as soon as they become available and we want to be absolutely transparent and ensure that both you and us are on the same page. If you decide to maintain the site yourself after we restore it for you, and get hacked within those 30 days because of not keeping up with updates, we will have to request you to re-purchase the service to fix your site again.

What if my site has abandoned plugins?

When we recover your site, we will always advise you if a plugin/theme has security issues which don't have an update available. In this case, we will either suggest an alternative or provide a quote to fix the security issue for this plugin for you.

Do I have to purchase your maintenance with repair service?

In short - no, you don't have to. When we restore your site from hack/malware - we patch it up with the latest available updates and you will be fine for some time. However, if you don't have time to maintain your site after we restore it - we strongly advise signing up for our maintenance. If the site is not maintained, it's just a matter of time before the site will be compromised again.

What payment methods do you accept?

You can pay with any major credit card. Payments are handled securely by our payment provider- Stripe.

Please note, if your recurring payment fails to renew, your subscription will be automatically paused and website maintenance or daily backups will not be performed anymore.

What's your refund policy?

If for any reason you are not satisfied with our monthly maintenance service, you are entitled to a pro-rated refund for the time left during the maintenance period purchased (if pre-paid for more than 1 month). For all other products, we will gladly refund the fee if the service wasn't performed/delivered yet.

Do you offer discounts for charities and non-profit organizations?

Yes. We offer discounts for charities and non-profit organizations. Simply contact us and we'll let you know the discount and set you up.

Can I cancel the subscription at anytime?

Yes, you can. Just open a support ticket once you login to your account.

You will continue to receive maintenance service for your websites until the end of the subscription date unless you request a refund. Subscription will not renew automatically.

Why do I see a charge from "Convergine" on my credit card?

Convergine is our parent company and main system developer. For that reason, you may see the following on your bank statement:

• convergine
• convergine.com
• convergine corp

Do you offer white-label re-selling option?

Yes! If you own a marketing, design or development company, or just have lots of WordPress (or CraftCMS) clients for whom you need to maintain their sites - we'll be happy to discuss options of reselling our services.

Do you have affiliate program?

We're currently working on affiliate system. If you're interested in re-selling our services, please get in touch and we'll be happy to discuss it.

How can I provide my website access to you?

Once you sign up for the service - your account manager will be in touch to get the details from you. He/she will request you to send the details using a self-destructing link (service). 

What's your onboarding process?

Once you sign up for one of our care plans, you’ll receive a welcome email from your personal account manager with all the further instructions. Typically, we fully set up new accounts within 24-48 hours.

Do you offer phone support?

We handle all our support through email at this time, which allows us to keep competitive pricing with other providers of similar services. Rest assured, your email requests are our top priority and they will be handled respectively. 

For large accounts, white-label partners, and custom development requests - we do offer other means of communication, including over the phone, however, task technical description confirmation/approval will always happen in digital form.

What are your usual response time and resolution time?

In general, we reply to any request we receive from our clients within 2-8 hours.  The resolution time really depends on the request received and whether we got all the information required to process the request. Usually, requests are resolved within 24-48 hours.

Can you build a website from scratch for me?

Absolutely! Our primary service is custom web development and design and you can review our portfolio here. We've been building websites and web applications of various complexity for our clients around the globe for more than 8 years now. If you have a project or custom development in mind - get in touch with us to discuss it.

Do you offer custom development?

Yes, we do. We've been doing custom development, various integrations, and projects of various complexity for the past 8 years and have a multi-disciplined, talented team that is ready to take on new challenges. We will be happy to discuss your project in detail - just get in touch with us.

What's your availability for addressing emergency issues?

Our team is distributed, and we work from around the globe! Our head office and core-team is located in Toronto, Canada, while some of our employees are international and work remotely. 

Rest assured, our monitoring tools keep an eye on your website 24/7 and if something happens - it alerts our team immediately. Having a distributed team allows us to immediately react to such events at whatever time of day or night this happens.

Care question

Care question answer

Are major core version updates included in the monthly service for CraftCMS?

If your website’s code and all the plugins are 100% compatible, we will perform the upgrade to the next major version (e.g. CraftCMS v3.x -> v4.x). However, if you have custom plugins or a major version upgrade fails - we would have to revert the site to the backup created right before the update and then evaluate the required changes. Once that’s done, we will present you with the quote for a major version upgrade.