WordPress Security is one of those topics that divide people into three separate groups: some people enjoy outsourced services, some people really enjoy saving a few bucks by doing it themselves and some business owners simply just don’t mind. Let’s see how this decision affects their business in short and in long terms. Since we’re one of those companies who offer a wide range of services, we’re gonna be bias and not eliminate cheaper or simpler approaches, (even if we consider them inferior or not worthy of tackling current challenges).
A DIY approach is to research about WordPress Security. This will give you several plugins, several companies specialized only in security and a few companies, who offer their services, security tailored to your needs. Security specialized companies bills are top notch cost, so basically, everybody ignores them at this point due to the complex technical description, that is hard to understand and monthly costs, that rivals development costs.
Second elimination is the WordPress services companies because you’re looking for security and they offer security with several (at least 3-5) additional services bundled in. Since cost and services are extremely variable in this segment, a comparison between two company is almost impossible. The only advantage of this segment is flexibility. Anything else is marketing and demand-supply needs.
Last and mostly considered approach to security is WordPress plugins. Searching after the information is easy, the internet is full of reviews, recommendations and it tickles you with the price zone much with the abundant FREE options. This is the pit, that most DIY people fall. You understand the symptoms, not the problem. If your site is hacked, that is only means to an end. How it got hacked is the security question and how you undo is the question, that tackles the hacking’s result. Next is the configuration of security plugins: everything ON drags down performance, usability and basic functionality of your site. Tinkering with these is not a DIY’s strong suite. Installing and activating several security plugins (since they offer protection from different problems) is the most rookie mistake. Not only performance, visitor usability and basic site functionality is affected, but the security plugins block each other's functionalities rendering them altogether utterly useless.
Those who fail to consider security and do nothing to prevent basic attempts are those who have their reputation shattered and their “we’re doing fine” castle crumbled every time. This is by far the worst option! Extremely costly recovery services, in tandem with security auditing and security hardening just add to their “financial urgency extortion” pain. A simple comparison of industry’s average prices is ten times the worth compared with a monthly service paid in advance for a year plan - and this just to get back on your feet. Not mentioning the panic, annoyance, and frustrations of you and your staff.
Our recommendation: hire a staff capable handling this segment from your online business. This is something that needs constant professional attention. If you cannot afford this, then outsource security to a dedicated security company. If this is still something costly, consider a services company outsourcing ONLY IF they offer tailored solutions and they are capable auditing your security issues.