WordPress security
Protect your patients’ trust
Healthcare websites carry names, phone numbers and appointment details — exactly the data the Kenya Data Protection Act, 2019 expects you to protect. We harden, monitor and defend WordPress sites for medical practices, and respond fast when something looks wrong.
Why it matters
Layers of defence, not a single plugin
Hardening & firewall
Web application firewall, login protection, two-factor authentication for staff and least-privilege user roles.
Malware scanning
Daily scans for malware, defacement and suspicious file changes — with cleanup included, not billed as an emergency.
DPA-aware data handling
Forms, analytics and storage reviewed against the Data Protection Act: collect less, encrypt in transit, retain only what you need.
What’s included
The full security stack
From prevention to detection to response — each layer assumes the one before it can fail.
- Web application firewall (WAF)
- Login hardening & two-factor authentication
- Least-privilege user role review
- Daily malware & file-integrity scanning
- Vulnerability monitoring for installed plugins
- DPA 2019 data-handling review of forms & analytics
- Incident response & cleanup included
- Quarterly security report for management
How it works
How we secure a site
01
Scan
Free initial audit: vulnerabilities, outdated software, exposure points.
02
Harden
Firewall, 2FA, role cleanup, secure configuration applied.
03
Monitor
Daily scanning and vulnerability watching, with alerting to our engineers.
04
Respond
If anything fires, we contain, clean and report — within the response window.
Pricing
Security plans
Standalone, or discounted when bundled with a care plan or hosting.
Shield
KES 6,500
Per month · single site
- WAF & login hardening
- Daily malware scanning
- 2FA setup for staff
- Cleanup included
Most popular
Shield Plus
KES 12,500
Per month · single site
- Everything in Shield
- Plugin vulnerability monitoring
- DPA data-handling review (annual)
- 4-hour incident response
- Quarterly management report
One-time Hardening
KES 25,000
One-time project
- Full security audit
- Hardening & 2FA rollout
- Malware cleanup if infected
- Written findings & fixes report
Yes — cleanup is something we do regularly. We remove the infection, close the entry point, and harden the site so it does not recur.
If your forms collect names, phone numbers or health-related details of Kenyan residents, the Act applies. We configure sites to collect the minimum and protect what is collected.
We complement it. Host-level security protects the server; we protect the WordPress application itself — where most healthcare site attacks actually happen.
Software versions, known vulnerabilities, exposed endpoints, SSL configuration and blacklist status — summarised in plain language with your quote.
Get your site security-checked
Free initial scan with every quote request. Response within one business day.