TTX Smart Managed WordPress Hosting

Product Description

Website Hosting Services Provided by Host:

1. Migration of Client’s site from the Client’s current server to the Host’s environment.
2. Website hosting of one domain (ttx.com) on production server and staging server
   (available only to host for site updates.)
3. WordPress core updates monthly. Updates are performed manually on a staging server. The Host will verify the update, and the client will not. Once the update has been verified, the updated site is promoted live.
4. Plugin updates performed semi-monthly. Updates are performed manually on a staging server. The Host will verify the update, and the client will not. Once update has been verified the updated site is promoted live.
5. Daily website backups. Thirty (30) days of backups are stored on site and off site in a secure location.
6. Security scans performed at time of migration and daily.
7. 24x7x365 website uptime monitoring. Critical issue reports will be sent to client’s
   notification email: [email protected] within an hour of incident.
8. Weekly performance scans. Updates or changes required per report will be
   performed monthly.
9. Phone, Chat – Monday – Friday, 9am – 6pm EST
10. Online Ticket Support – Monday – Friday, 7am – 7pm EST
11. Priority Support: Emergency email and phone support 24/7. In the event that priority support is needed, the Host shall respond to emails or telephone calls from the Client within ten minutes.
12. Install and maintain CDN (content delivery network system). The base code for the site remains in the continental US.
13. Install SSL certificate and maintain annually if needed. (Let’s Encrypt SSL certificate for root domain and “www” only – This is not a wildcard certificate)
14. Site wide SEO performed at time of migration. Monthly SEO scan and maintenance.
15. Monthly Client Report including analytics, uptime, detected security events and SEO. HOST will provide reports within 1 hour of detection of security incidents that are escalated for investigation and report on actions taken by HOST to remediate them. Report will be emailed to client named contacts.
    Security:
    HOST will install, configure, maintain appropriate security software including antivirus, and security software specific to WordPress environments such as iThemes Security Pro plugin (if determined necessary by Client and Host) for WordPress. HOST will monitor the Client site for malware to detect the following infection types: Obfuscated JavaScript injections, Cross Site Scripting (XSS), Website Defacements, Hidden & Malicious iFrames, PHP Mailers, Phishing Attempts, Malicious Redirects, Backdoors (e.g., C99, R57, Webshells), Anomalies, Drive-by-Downloads, Social Engineering Attacks, SEO Blackhat Spam, Pharma Hacks, Conditional Redirects, Mobile Redirects. Upon discovery of malware, HOST will immediately notify the Client and provide regular information updates regarding steps taken to remediate the issue. Third-party penetration testing is completed at least once a year, remediation plans developed to addressed immediately.

    HOST will implement security best practices including but not limited to: network brute force login protection, malware scanning, file change detection, least-privilege file permissions, disabling unnecessary network ports, uninstalling unnecessary software, disabling or uninstalling unused APIs, 404 Detection against vulnerability scanning, require strong passwords, two factor authentication, removing version numbers and banners, an IP monitor to help prevent brute force attacks, changing the default admin URL, and changes to the DB name to help prevent SQL injection attacks.

    HOST will configure the security settings on the server and DB and inform Client of the settings in place.

    HOST will monitor the WordPress site, relevant plugin sites, and industry sources (e.g., US-CERT, NIST National Vulnerability Database) for vulnerabilities affecting the Client site. HOST will handle all technical aspects of hosting WordPress, including automatic and manual updates when required to remediate vulnerabilities in core and plugin components. Host will expedite the patching of all critical vulnerabilities that present a high risk to client services. HOST will provide to the Client a monthly report listing known existing and resolved vulnerabilities associated with the Client site.

16. Theme updates will be performed quarterly and as needed if required for security or WordPress core and plugin incompatibility. This includes, backup and archive of theme, updates and testing. All updates will follow procedure outlined in “Update Process.” This is expected at 25 hours annually.
17. Design and programming support needed to make changes as per Client’s request that fall within the existing theme design templates for pages and posts. All updates will follow procedure outlined in “Update Process.” This is expected at 25 hours annually.

    Examples of services: Design changes needed within existing templates to modify or add content and or functionality; Consulting with client on plugin recommendations; Support for WordPress content, functions and settings.

    Additional charges for design or programming changes that are outside the existing theme design will be presented as an estimate based on scope of work. Examples: Design of new page or section of website where no current page template design exists. Creation of display format for new device type i.e. new resolution of iPhone or android device.

    Services, changes and/or scope of work resulting in additional charges should be approved by Client in advance of beginning any work.