WebARX is one of a number of WordPress security solutions around but caters for other PHP-based platforms just as effectively, which is useful if you have other non-WordPress applications running too. They also offer a professional malware removal service if your site has been compromised, as well as a DIY guide if you want to do it yourself.

Please note: it’s not simply a plugin but a cloud-based service that integrates directly with your WordPress website (via a plugin).

Before we begin a couple of words about security at the host level – the tech WordPress is running on. More reputable providers will have invested in best-in-class solutions to secure their networks mitigating a lot of the threats before they reach the application.

We offer, for example, “always-on” DDoS protection and regular virus scans as part of all our WordPress hosting packages. But it’s not just the tech that needs to be secured; humans are a risk too, which is why we’re very diligent with our processes and procedures.

Who is WebARX for?

Anyone who is responsible for maintaining a WordPress website: digital agencies, freelance developers, business owners that are hands-on with their digital platforms.

Securing WordPress with WebARX

Once you have signed up you’ll need to install the WebARX plugin and link it to your main account. You’ll have access to WebARX functions and reports from your WordPress install and a view of all your secured sites from your WebARX Portal account (with the option to drill down into the detail for each).

The screenshot below shows the dashboard view of a demo website, where you see two key metrics displayed: Attacks Blocked and Uptime. Don’t panic if you see many blocked attacks in your portal — it’s quite normal for websites to be targetted multiple times a day. These attacks are typically triggered by automated scripts (bots and spam) pinging thousands of websites every hour, looking for vulnerabilities. Developers can review the types of attacks and determine if any action is needed.

Hardening and back-ups

The Hardening and Software tabs cover important functions in WebARX to help prevent security breaches. The former offers a number of options to tweak an instance of WordPress and make it harder to be attacked. The Software tab lists plugins and themes that are unsafe and need to be updated or removed altogether.

Here are some of the hardening options:

• Login Rate Limiting
• Change of admin page URL
• reCAPTCHA & 2 Factor Authentication
• User Activity Logging
• HTTP Security Headers

WebARX allows you to create off-site backups too, which you can set to run on a schedule as well as save to Google Drive.

Monitoring and alerts

Like all good security systems, WebARX is updated regularly to make sure that it’s protecting your application from the latest threats. As part of this process, they have built monitoring and alerts covering:

• SSL/TLS monitoring
• Blacklist monitoring
• Error monitoring
• Up-time monitoring
• Domain expiration monitoring
• Certificate expiration monitoring

You can’t act on what you don’t know, right? You can generate and download reports within the WebARX Portal and set email and Slack alerts. Agencies can add their own logos to the reports before sending them through to their clients.

WebARX: Our thoughts

We tested WebARX on our servers on and did not encounter and technical issues or conflicts — set up was indeed a breeze and a matter of a couple of minutes. We were running the following plugins:

• Classic Editor
• Elementor
• Contact Form 7
• Swift Performance Lite
• Page Builder Framework
• Site Kit by Google (Beta)
• Advanced Custom Fields

We didn’t experience any deterioration in performance either (but our testing was limited to a handful of concurrent users).

WebARX blocked 58 attacks over the 14 day period and uptime was 100%.

This does not mean that WebARX necessarily prevented our test site from being hacked but blocked the attempt.

For example, the malicious URL requests below would not have worked in our set up. The second attempt is for a different programming language altogether, indicating that the hacker is simply targetting as many websites as possible to eventually find the vulnerable one.

This is exactly what Oliver means in the Q & A above:

Among millions of WordPress sites, poor password security is still a thing, but what we see as the biggest problem is the severe amount of vulnerabilities introduced by third-party components, plugins in WordPress ecosystem. Bots are actively looking for sites with vulnerable plugins installed and try to detect vulnerabilities in popular plugins as fast as possible to be able to harvest resources and traffic for mainly monetary purposes.

We particularly like how WebARX scans a WordPress website and returns a report indicating what’s safe and what needs attention. This is the type of check a developer should carry out as part of a scheduled maintenance program, as we have recently described in our Project managing your WordPress hosting ops with Teamwork eBook.

To conclude: WebARX is one of the best WordPress security solutions with a solid track record and a team of experts working round the clock to ensure it’s kept up to date. It complements nicely the security layer a reputable hosting provider has in place, going that extra step to protect WordPress-specific vulnerabilities. It works with non-WordPress applications too, which makes it a good option for agencies that work with different platforms and / or build their own PHP applications.

They have done a good job with the interface too, both the dashboard that is accessed via WordPress and the portal, and have all the reports and alerts you need to easily integrate it as part of your workflow: scheduled maintenance, random audits and the drop-everything-and-fix-a-vulnerability scenario.

If you have any questions about WebARX or our testing add a comment below.

Try WebARX before you buy

The team there are more than happy to show you around their platform and answer any questions you may have – just register for one of their product demos.

You can also try WebARX for 14 days for free. Set up only takes a minute and you ask for help via live chat.