Everything below is included in our Starter Plan – $47/month.

Fully Managed Hosting

Our Managed Hosting is 100% “done-for-you”. If you’re a non-technical business owner or organization director who never wants to think about web hosting again, then we are for you. Our infrastructure provider is Digital Ocean and we maintain a 24/7/365 server admin team.

Dedicated Website Manager

Unlike other company’s that send you to a random person for support, at WP Harbor, you have a dedicated site manager who knows your website and handles your requests.

Essential Search Engine Optimization (SEO)

We want to make sure all of our customers are set up for success. Unfortunately, we can’t provide full-blown search engine optimization for $47/month. But we can cover some essentials. They are:

  • Installing Google Analytics
  • Setting up Google Search Console
  • Submitting an XML sitemap to Google
  • Optimizing your site to load as fast as possible
  • Ensuring your site is has an SSL certificate enabled

To read more about this, click here.

SSL Certificates

An SSL certificate creates an encrypted connection between your website and the user who is accessing it. It used to be that only websites processing credit card information were required to have an SSL certificate, and technically, that’s still the case.

However, Google has been pushing hard for all websites to have an SSL certificate. How can Google pressure you into having an SSL? For starters, in 2014 they announced they would be giving preference in search results to websites with an SSL installed.

Next, in 2017 Google announced they would be flagging websites without an SSL as “Not Secure” and Firefox followed suite.

2x Remote Backups

We make sure your important data is safe and secure. Your site can be reverted to a backup at any point, with no additional charges or questions asked.

Backup Frequency

Nightly and weekly backups are stored on separate servers. This means that at any given point we have three (3) copies of your site, each one stored on a separate server.

Not all backups are created equal!
Other companies will store a backup of your site on the same server that’s used to host the site. If the server crashes, you could lose everything, including the backup. Our backups are stored offsite on completely different servers than the ones used for your live production site.

Some backups are only configured to capture site files and not the site database. To do a complete site restore, you need everything in your WordPress folder including all uploaded files (/wp-content/uploads), as well as the site’s database.

How long are backups stored?
Backups are stored for 30 days (or the 30 most recent backups if manual backups are created), after which they are deleted permanently. If you’d like to have access to a backup for longer than 30 days after its creation, shoot us an email requesting a copy.

What data is backed up?
We back up everything in your WordPress folder, including all uploaded files (/wp-content/uploads) as well as the site’s database.

Where do you store backups?
We utilize two backup services which store backups on a completely different set of servers than your live site.

Can I have a zip file backup of my site?
Yes absolutly! Just send us an email or give us a call and we will provide you with a link to download a backup.

How do I restore a backup?
Just send us an email or give us a call and we can restore a backup from the previous 30 days for you.

Website Security

We harden your site against hackers, and if it’s hacked on our watch, we remove the malware for free. No questions asked.

Free Malware Removal

We consider keeping your site safe our responsibility. If your site is hacked on our watch we will removal the malware for free. Here are the details on how we keep your site safe:

WordPress core files are locked down

One of the great things about WordPress is that everything is built around the same core software. This allows plugin and theme authors to create awesome tools and designs that can be used by anybody running WordPress.

One of the not-so-great things about WordPress is that the common core used by millions of sites can allow the quick spread of infectioin and damage.

On our servers, nobody can overwrite your WordPress core files.

Everything in your WordPress install is locked down tight, aside from your custom content. Does somebody want to edit your wp-config.php file in order peddle creepy products on your site? Not on our watch!

It is worth noting that locking down core files means you can’t edit them either. This is a good thing because it’s best practice to leave core files alone as they’ll get swapped out in WordPress updates. You don’t want hard work getting wiped out every time WordPress is updated (quite often). If there are files like wp-config.php that you’d like to make changes to, just let our team know and we’ll make those for you! Unlike manual edits, these will carry over from update to update.

Intelligent IP blocking

Intelligent IP address blocking detects intruders and blocks them across all sites on our servers within seconds.
We monitor popular points of entry for hackers and immediately lock out any IP address trying to get through. These points include:

  • Failed SSH Access Attempts
  • Failed WordPress Login Attempts
  • Spam WordPress Comments
  • XMLRPC Connections (which we fully block by default)

We use a variety of techniques to block traffic starting with preventing known malicious IP addresses from opening a session with the server, which is a very severe and immediate action. Another softer layer of security we provide is our proprietary caching ban. This method detects “banned” access attempts and displays a cached page to the visitor stating that their connection has been banned. This method stops the connection at the highest layer of our servers software stack and utilizes the fewest server resources while still presenting a user-friendly response.

In the rare occasion that a client has forgotten their password and keeps trying dozens of time in just a few minutes, they’ll see a ban page but will be presented with easy, on-screen instructions to get their IP un-banned.

Since banned IP information is shared across sites, we develop a kind of “herd immunity” to malicious actors in real time as the attacks come in. So your site’s protected from hackers before they even try to attack your site.

Insecure passwords? Not on our watch.

Although it may not seem like a big deal, having hard-to-guess username and passwords really goes a long way on WordPress. Due to the uniform structure of WordPress, a lot of web bots will crawl across websites, simply appending a /wp-admin to the domain name. If the page loads, the bot will start trying username and password combos starting with some of the most common insecure passwords. So if you have a user named admin and a password of password1234, you’re at a pretty high risk of getting hacked.

That’s why we go to great lengths to ensure that our customers use strong passwords. If you try to create a new password that doesn’t make the cut, we’ll let you know.

Limited Login Attempts

One of the things we do to protect customers from malicious attacks is limit the number of login attempts from a single IP address to three attempts within twenty minutes. If you type the wrong password three times, you must wait to try again.

This goes a long way to deter would-be attackers, as they can no longer just try hundreds or thousands of passwords and try to brute force your account.

Limit Login Attempts works at an IP address level, so if you have multiple users trying to sign in to your site on the same network, they can easily wind up locking each other out, since Limit Login Attempts will only view them as a single user and will count each of their individual failed logins against the overall total allowed, and lock all users out if the limit is exceeded.

If you are locked out from too many failed login attempts, just send us an email and we will clear your IP address so you can get back in.

Automatic WordPress updates

In order to prevent outsiders meddling with your stuff, we make sure your site is running the latest and greatest version of WordPress. These updates often include security patches, which close any doors and windows that hackers may have found in previous versions. We make these updates for you automatically and usually happen within a few days of their release.

Malware Monitoring

We pride ourselves on keeping the bad guys out of your site’s files and database through the preventative security measures mentioned above. That being said, malware prevention is an ongoing cat and mouse game where systems have to react and adapt to the ever-changing security gaps introduced by third-party plugins, third-party themes, or weak passwords.

In the event that you find your site has been compromised by a plugin or theme vulnerability, We can jump in right away and get to work cleaning up the infection. We’ll also notify you of our progress along the way.

If we learn of a wide-spread malware vulnerability within a particular plugin, we will update the plugin or disable it and notify you of the issue.

Free malware removal

In the rare event of a site getting hacked, our incredible team of WordPress experts will quickly and carefully remove the malware for you.  For free.

Steps that you can complete while we’re working on cleanup are updating all themes and plugins on the site to their most recent version, uninstalling any plugins or themes that aren’t being used any longer, and updating all admin user passwords to something as strong as possible. Since outdated plugin/theme versions and insecure passwords are overwhelmingly the cause behind WordPress sites becoming infected with malware, taking care of these updates as soon as possible will also help us to ensure the site stays clean while we’re working on it.

Stop Spam

We’ll install AKISMET, a premium anti-spam plugin (included at no extra cost), and configure it to protect your site against spam comments and spam web form submissions.

Optimized For Speed

Site speed and load time factors into everything from search engine ranking position, to bounce rate, and conversions. It might be something you never thought much about before. It’s one of those things we love to think about so you don’t have to! Here’s how we make your site faster:

Server Level Caching
We use a proprietary caching engine, specifically designed to make WordPress sites fast. It’s especially powerful because it works side-by-side with our Content Delivery Network (CDN) to serve up cached content from global points of presence (POP). When your users hit your site, they receive those files from the server that is geographically closest to them, which decreases load time, improves performance, and ensures all users have the same high-quality digital experience (no matter where they’re located)!

Premium Content Delivery Network (CDN)

Our CDN provider (Fastly) is trusted by some of the biggest sites in the world: BuzzFeed, the New York Times, Yelp, Pinterest, Twitter, and more. Now, your site can leverage those resources!

A CDN stores copies of your site on servers around the world. This shortens the distance between the user and your website, making it load a bit faster. A CDN also helps with load balancing. If there is a spike in traffic on the west coast, it reduces negative impact of users on the east coast.

If you’re thinking “I just have a local business, I don’t need to worry about people all over the world using my website.” That might be true. However, Google factors site load time into account when ranking a website in local search results, and we want to do everything we can to give our clients an advantage over their competitors.

WP Rocket Speed Optimization

WP Rocket is is premium WordPress plugin designed to speed up your website in a variety of ways including Database Optimization, Minification of HTML, CSS, and Javascript files, deferred loading, and more. We provide and install WP Rocket free of charge on each site we host.

Status Monitoring

Most web hosting companies consider it their job to provide hosting space, and that’s it. Whether your website is actually up and running properly is not their job. They just providing the hosting space.

Have you ever had a customer contact you and say “I went to your website and it’s down!” That’s embarassing. Then you have to call your web host and say “hey my site is down, what’s going on?” Aren’t they hosting your website? Shouldn’t they know and care if it’s not working? Again not really. As long as the server is up and running, the typically web host considers their job done.

We think of things a little more holisticly. We host your website, it’s in our care. We should know what is going on with it. If your website goes down we should be the FIRST to know about it.

We ping WordPress sites we host every 60 seconds to check for errors like 500 Internal Server Error and 404 Not Found erors. The catch with our status monitoring is that if the site is down but DOES NOT through an error code, we will not pick it up.

For example, if the site is loading a blank page. From the status monitor perspective, the site is loading without errors. However in this case, something else might be going wrong, such as a hack, in which case we would be alerted by our daily site malware scan.

Premium Plugins Included Free

All clients have access to our suite of premium plugins. These are the most commonly needed plugins for any business or organization and provide the ability for our clients to:

  • Accept credit cards payments
  • Create Online Forms, Applications, and Contracts
  • Capture Electronic Signatures
  • Integrate with Facebook
  • Integrate with Instagram
  • Event Calendars
  • A/B Split test lead capture forms
  • Speed Optimization

Click here for full details on the premium plugins included with our service.

Plugin and Theme Updates

Plugin Updates

Plugins are applications that can be added to extend and enhance the functionality of your WordPress website.  Periodically plugin creators will release updates to fix problems and resolve security vulnerabilities.  Keeping your plugins updated regularly ensure you have a safe and well functioning website.

When you host your website with WOWIE, we update your plugins for you twice a month. This makes sure that your website is running the latest version of your plugins and is fighting security threats properly.

Starting with quality plugins is important too.  There are tens of thousands of plugins available for WordPress.  However, not all of them receive regular updates or have responsive support.  On top of updating your plugins for you, we offer a variety of free premium plugins as part of our service!

Theme Updates

Themes are what help give your website it’s appearance and base functionality.  When we update your plugins we also look for available updates for your themes.

Much like plugin updates, theme updates occur periodically and are required to keep your site running well and secure.  Failing to make available updates can cause conflicts and leave your site open to hackers and other security threats.  For this reason we update themes and plugins twice a month as part of our service to you!

24/7/365 Support

Your website is mission-critical! Your team at WP harbor is on call 24/7, 365. We monitor your website by pinging it every 60 seconds. If it fails to respond, our team is alerted and we go to work restoring it. Our regular office hours are Monday-Friday, 9-5 pm, EST. Outside of those hours, we offer on-call text, live chat, and phone support.

Speed Optimization

Our hosting is built on fast cloud servers from Digital Ocean with server-level caching. Our servers are optimized to host WordPress and only WordPress. Generally speaking, your site will run fasters just from being on our server. In addition, every site we manage is reviewed and individually optimized to load as quickly as possible.

Optimization includes:

  1. Installing and configuring WP Rocket. One of the best (paid) speed optimization plugins available. It’s included with our service at included at no additional cost)
  2. Setting up your site to utilize Cloudflare’s Content Delivery Network (CDN)
  3. Running a speed optimization test (Google Lighthouse or GT Metrix) to identify any easily resolvable loading issues

If your site needs further speed optimization, such as deferring javascript or removing “junk” code that came installed with a bloated theme, we can help with it will be quoted on a project basis. 

Site Status Monitoring

Every 60 seconds, we ping your website to make sure it’s up and running. If it fails to respond, our team is notified. We start an investigation and work to bring your site back online. This service is included at no additional cost. It’s our job to keep your website online!

Visitor Tracking

We set up your website with Google Analytics and Google Search console. This is not only important data to collect, but connecting your website to Search Console (and submitting a site map, which we’ll also take care of for you) falls under Search Engine Optimization best practices. 

Unlimited Edits Plan – $167/month.

Unlimited Edits

Our Unlimited Edits plan includes everything from our Starter Plan, plus, as the name implies, unlimited edits. This plan is geared towards existing sites that need content added, updated, or changed on a regular basis. Click here to learn more about this plan

These services are charged individually.

Web Design & Development - $100/hour

We provide custom web design and development for $100/hour. You can see some of our work here: https://wpharbor.com/web-design/

Email - Starting at $4/inbox

More information is available here: https://wpharbor.com/email/

Domain Management - $35/domain


  • Annual Registration
  • Domain Privacy
  • Unlimited DNS Updates

More information is available here: https://wpharbor.com/domains/

Advanced Search Engine Optimization - $900/month

More information is available here: https://wpharbor.com/advanced-seo/