We learned a few things in cleaning up after several of our customers had their sites defaced.

We’ve have better methods to protect sites and, when things happen, we’re better prepared to clean things and bring them back.

We learned a whole bag of new tricks to secure websites. It’s impressive what’s possible. At this point, we could literally write a book. Perhaps Security Best Practices for WordPress.

But, that’s really only one piece. Last year, I read an article about how they approach take to security in Africa. Our approach is to build the strongest castle possible to keep “the bad guys” out. In Africa, companies often don’t have the resources to pay to build those castles. They assume the bad guys will get in. They’re right. Sometimes “the bad guy” is one of the employees. Or “the bad guy” convinces an employee they’re the server repairman. Or, “the bad guy” finds the security hole that only shows up at low tide under a full moon that allows him to crawl through the castle wall.

If the castle walls won’t keep “the bad guy” out, what do you do when it happens?