Infosec Chicago

Statement of Work - Managed WordPress Security

This Statement of Work (“SOW”) is entered into and made effective on September 29, 2020 (“Effective Date”) and is made pursuant to that certain Infosec Chicago Master Services Agreement entered into as of (“Agreement”) by and between Brian Semrau d/b/a Infosec Chicago (“Infosec”), and (“Client”).

Capitalized terms used herein but not otherwise defined herein have the meanings ascribed to such terms in the Agreement.  If the terms and/or conditions of this SOW conflict with the terms and/or conditions of the Agreement and/or with any other SOW, the terms and/or conditions of this SOW will control (unless otherwise expressly provided herein or in the Agreement) solely with respect to the Services performed under this SOW. 

  1. Services.
    a.  Description of Services. 
    Infosec shall provide the following services (“Services”) as further described herein.

    i.  Managed Security Services.
    Infosec shall assist Client with managing its system which shall include without limitation hosting their WordPress site on servers provided by and paid for by Client.  Infosec claims no responsibility for the servers Client hosts on, and Client is responsible for maintaining servers, hiring appropriate 3rd party services to maintain servers, or otherwise pay Infosec at the standard hourly rate agreed upon in Agreement.  Infosec shall provide the following services on Client's site, which may be added to or modified at any time at the discretion of Infosec:
       >  Brute Force Protection
       >  Directory/File Fuzzing Protection
       >  Restrict Passwords In HaveIBeenPwned
       >  Multifactor Authentication
       >  Daily Malware Scan
       >  Web Application Firewall
       >  Block known-bad IP addresses
       >  Live backups
       >  Daily database snapshot backups (14 copies will be kept before being written over)
       >  Weekly full site snapshot backups (5 copies will be kept before being written over)
       >  Managed WordPress core, themes, and plugin updates
       >  SSL/TLS configuration using certificate provided by Client, or Let's Encrypt if Client's server supports the user of Let's Encrypt
       >  reCaptcha on sensitive pages (optional - Client shall alert Infosec if this is not desired)
       >  WP Rocket caching plugin (optional - Client shall alert Infosec if this is desired)
       >  Cloudflare configuration (optional)

       Further description of these services can be found at; however, specifics of these services are subject to change at any time in order to protect Client against the current threats being seen against WordPress sites.

  2. Term.

    The initial term of this SOW shall commence on the Effective Date and shall continue for a period of 1 months thereafter, unless terminated earlier in accordance with the terms and conditions of the Agreement.  The SOW term shall renew automatically upon expiration of the previous term unless either party gives notice that they wish to terminate the agreement at least 10 days prior to the automatic renewal (unless otherwise agreed upon within the Agreement).
  3. Fees and Payment Terms.

    In consideration of Infosec’s performance of the Services in accordance with this SOW and the Agreement, Client will pay Infosec a fixed fee in the amount of $35/month.  Such fee shall be due and payable as follows: 100 percent (100%) upon execution of this SOW and on the first of each month thereafter. 
  4. Additional Terms:

    a.  Client will provide Infosec with full administrative access to their current WordPress site for the entire term of this Agreement and subsequent renewals of this Agreement.  If Client does not currently have a WordPress site, Infosec shall install a new instance of WordPress for Client on Client's server; however, Infosec shall not have any hand in the design of the new instance of WordPress.  Client agrees to allow Infosec to maintain full administrative access to the new instance of WordPress for the entire term of this Agreement and subsequent renewals of this Agreement.

    b.  Under no circumstances should any service represented in this contract be interpreted to indicate that Infosec shall assist with any design of the WordPress site.

    c.  Email service management is not included in this Agreement.  Email services such as Office 365 or Google Apps for Business can be added on; however, another Agreement will need to be signed for these services.  Please reach out to [email protected] to sign up for email services.

    d.  Client understands that while Infosec shall take reasonable steps to harden Client's site per the work described in this Agreement, there is no such thing as 100% security or a guarantee that their site will never be compromised.  In the event that Client's site is compromised, Infosec shall make a reasonable effort to help Client recover access to their site (such as restoring from backups if alerted within a reasonable amount of time before the backups have been written over).


IN WITNESS WHEREOF, the parties have caused this SOW to be signed by their duly authorized representatives as of the date set forth below.

For: Client


Date: September 29, 2020


For: Infosec Chicago

Brian Semrau

Date: September 29, 2020


(Signatures below)

Leave this empty:

Signature arrow

Signed by Brian Semrau
Signed On: December 1, 2019

Infosec Chicago
Signature Certificate
Document name: Statement of Work - Managed WordPress Security
lock iconUnique Document ID: 7c6b0e77c2ef9585b31407fd58f7a52a007f76cc
Timestamp Audit
November 29, 2019 10:05 pm CDTStatement of Work - Managed WordPress Security Uploaded by Brian Semrau - [email protected] IP,