Statement of Work - Managed WordPress Security
This Statement of Work (“SOW”) is entered into and made effective on July 2, 2020 (“Effective Date”) and is made pursuant to that certain Infosec Chicago Master Services Agreement entered into as of (“Agreement”) by and between Brian Semrau d/b/a Infosec Chicago (“Infosec”), and (“Client”).
Capitalized terms used herein but not otherwise defined herein have the meanings ascribed to such terms in the Agreement. If the terms and/or conditions of this SOW conflict with the terms and/or conditions of the Agreement and/or with any other SOW, the terms and/or conditions of this SOW will control (unless otherwise expressly provided herein or in the Agreement) solely with respect to the Services performed under this SOW.
i. Managed Security Services.Infosec shall assist Client with managing its system which shall include without limitation hosting their WordPress site on servers provided by and paid for by Client. Infosec claims no responsibility for the servers Client hosts on, and Client is responsible for maintaining servers, hiring appropriate 3rd party services to maintain servers, or otherwise pay Infosec at the standard hourly rate agreed upon in Agreement. Infosec shall provide the following services on Client’s site, which may be added to or modified at any time at the discretion of Infosec: > Brute Force Protection > Directory/File Fuzzing Protection > Restrict Passwords In HaveIBeenPwned > Multifactor Authentication > Daily Malware Scan > Web Application Firewall > Block known-bad IP addresses > Live backups > Daily database snapshot backups (14 copies will be kept before being written over) > Weekly full site snapshot backups (5 copies will be kept before being written over) > Managed WordPress core, themes, and plugin updates > SSL/TLS configuration using certificate provided by Client, or Let’s Encrypt if Client’s server supports the user of Let’s Encrypt > reCaptcha on sensitive pages (optional – Client shall alert Infosec if this is not desired) > WP Rocket caching plugin (optional – Client shall alert Infosec if this is desired) > Cloudflare configuration (optional)
Further description of these services can be found at https://infosecchicago.com/managed-wordpress-security/; however, specifics of these services are subject to change at any time in order to protect Client against the current threats being seen against WordPress sites.
b. Under no circumstances should any service represented in this contract be interpreted to indicate that Infosec shall assist with any design of the WordPress site.
c. Email service management is not included in this Agreement. Email services such as Office 365 or Google Apps for Business can be added on; however, another Agreement will need to be signed for these services. Please reach out to [email protected] to sign up for email services.
d. Client understands that while Infosec shall take reasonable steps to harden Client’s site per the work described in this Agreement, there is no such thing as 100% security or a guarantee that their site will never be compromised. In the event that Client’s site is compromised, Infosec shall make a reasonable effort to help Client recover access to their site (such as restoring from backups if alerted within a reasonable amount of time before the backups have been written over).
IN WITNESS WHEREOF, the parties have caused this SOW to be signed by their duly authorized representatives as of the date set forth below.
Date: July 2, 2020
For: Infosec Chicago
Leave this empty:
Your legal name
Signed by Brian Semrau
Signed On: December 1, 2019
If you have questions about the contents of this document, you can email the document owner.
Document Name: Statement of Work - Managed WordPress Security
Agree & Sign