WordPress Security Step-by-Step - Barry Harris Majaid Web Solutions January 2019
Table of Contents

Introduction 3
Step 1 - Select your web hosting company wisely 5
Step 2 - Don’t use ‘admin’ as your username 7
Step 3 - Choose a strong password 8
Step 4 - Research themes and plugins 10
Step 5 - Use a child theme 12
Step 6 - Make regular backups and test them 13
Step 7 - Stop hackers from accessing your website 15
Step 8 - Scan for unauthorized file changes 16
Step 9 - Limit login attempts 17
Step 10 - Use Two-Factor Authentication 18
Step 11 - Change login URLs 19
Step 12 - Remove editor access 20
Step 13 - Disallow memberships and comments 21
Step 14 - Remove WordPress version info 23
Step 15 - Change the login error message 24
Step 16 - Force users to use their email address to login 26
Step 17 - Disable trackbacks 28
Step 18 - Change your salt keys 29
Step 19 - Update core installation and plugins 30
Step 20 - Read the Blogs 31
About Majaid Web Solutions 33

WordPress Security Guide
Introduction

WordPress [1] is the most popular Content Management System in the world. In fact, WordPress powers more than 32% of the websites on the Internet today. With this popularity, it is not surprising that hackers continuously try to compromise WordPress websites.

Out of the box, WordPress is relatively secure. The WordPress team checks the core software code rigorously before it is released. What they don’t do is check third-party themes and plugins to the same level.

There are numerous methods one could use to hack a WordPress installation. Statistics show that hackers gain access to WordPress websites by attacking the following vulnerabilities:

1. Website hosting;
2. WordPress themes;
3. WordPress plugins; and
4. Weak passwords.

WordPress security is not a single process. You must always think about security when choosing which plugins to install, which theme to use, and whether to permit third-party actions such as posting comments.

CAVEATS

These security tips were current as of the time this guide was written. Majaid Web Solutions [2] is not responsible for any errors or omissions. Some security tips require adding or changing code and installing plugins. If you are not comfortable doing this, we recommend asking a WordPress developer for assistance. Be very careful when editing the functions.php and wp-config.php files because a tiny error in code can render your website inoperable.

[1] https://wordpress.org/
[2] https://www.majaid.com/

Majaid Web Solutions
There are many plugin options to choose from. We run selected plugins through a series of guidelines to ensure they meet or exceed industry standards prior to installation. The recommended plugins in this guide have stood the test of time, are regularly updated, have a great support system, and are known to not contain malware. The plugins referenced in this guide are the same plugins we use on our live WordPress websites.

We use a combination of free and premium plugins on the websites we develop. We provide a recommendation when we think you should use a premium plugin.

We list the security steps in a logical sequence. We start with WordPress installation, followed by Wordfence, and finally post-installation.

Do not leave your website security up to the basic installation of WordPress. Ensure that your website uses complementary defensive solutions. When it comes to your WordPress website, increasing the level of security is worth every penny.

Who this guide is for

We wrote this guide for website owners who want to increase the security of their WordPress website.
Step 1 - Select your web hosting company wisely

The Issue

Not all web hosting platforms perform the same when hosting WordPress websites. Web hosting platforms publish a website from a central computer called a server. These servers have a finite amount of resources (disk space, memory, and CPU capacity). They are also limited in the number of simultaneous connections (website visitors) and the connection speed (bandwidth). Therefore, when looking for a web hosting platform, you should look for a server with plenty of disk space, plenty of memory, the fastest CPU, the ability to sustain thousands of simultaneous connections, and unlimited bandwidth.

Typically, there are three types of web hosting platforms.

Shared hosting will host your website on the same server as literally thousands of other websites. The server hardware is shared across all the websites it hosts. This creates performance issues because your website competes with other websites on the same server. We don’t recommend shared hosting for business websites because they tend to exhibit performance issues.

Virtual Private Servers (VPS) are servers that exist in a virtual environment. Hosting companies take a super-fast server and divide it up into a smaller group of virtual devices. Normally, there are fewer virtual servers running on a main server.

The third type of web hosting server is a dedicated server. When you purchase a dedicated server, you get an actual server (which is normally placed in a rack of similar servers) that you can access directly. This type of server is best suited for large business websites.

Majaid Web Solutions uses Dreamhost VPS for all of the websites we develop and host. Dreamhost is a North-American company with an exceptional support team. Their support is very knowledgeable and is not outsourced. They host over 1.5 million websites and have won PCMag’s “Editor’s Choice” award 4 years in a row!

The Solution

Take time to investigate the type of web hosting server you need (now and in the future). Some web hosts are better suited for running WordPress. WordPress.org [3] recommends using the following companies for hosting your WordPress website:

a. Dreamhost [4];
b. Bluehost [5]; and
c. Siteground [6].

When choosing a web host, inquire about which versions of WordPress, PHP, and MySQL the web host uses. Some web hosts are behind on installing the latest versions. The current version of WordPress is 5.0, PHP is 7.3, and MySQL is 10.

[3] https://wordpress.org/hosting/
[4] https://www.dreamhost.com/
[5] https://www.bluehost.com/
[6] https://www.siteground.com/
Step 2 - Don’t use ‘admin’ as your username

The Issue

Did you know that the most common administrator username is ‘admin’? Hackers know this and they will try to use brute force login scripts to guess the password for this user. Newer versions of WordPress have moved away from automatically making ‘admin’ the super user, but some ‘One-Click’ installers still create the ‘admin’ user login. Never use ‘admin’ as the username for the administrator account in WordPress!

The Solution

The best time to choose your username for WordPress is during the installation process. Consider using your email address or something familiar to you.

If you currently use ‘admin’ as the username for your WordPress administrator, use the following steps to add a new user with administrator privileges:

a. Create a new user;
b. Assign the new user the administrator role;
c. Assign all previous posts and pages created by the ‘admin’ user to the new administrator username; and
d. Delete the old ‘admin’ user.
Step 3 - Choose a strong password

The Issue

The password is typically the weakest link in an online security strategy. Most users are not very creative when selecting a password. That is why they select a password that they can easily remember and use the same password for several websites.

The ten most common passwords are:

1. 123456,
2. password,
3. 12345678,
4. qwerty,
5. 12345,
6. 123456789,
7. letmein,
8. 1234567,
9. football, and
10. iloveyou.

Hackers know these passwords and will use them in a brute force attack. Hackers will also use what is known as a dictionary attack. They will try each word in the dictionary as a password. Consider that the Merriam-Webster dictionary contains about 470,000 words. Using a common computer, a hacker can test each word in the dictionary in less than a second. Current estimates are that a computer can try over one hundred million passwords a second. A specialized computer can test more than a billion passwords each second.

The Solution

Use a strong password when choosing a password for your WordPress website. The stronger the password, the harder it is for hackers. Don’t use any word in the dictionary.

Use a password generator like the LastPass Random Password Generator [7] tool to create a strong password. For example, a random password generated by LastPass looks like this:

Qn7G9vSM27YB!&6S

Do not use this as your password, but copy the characteristics of a strong password. A strong password contains a combination of letters (upper and lowercase), numbers, and special characters. WordPress recommends passwords have between 30 and 50 characters. Their reasoning is that current password attack software can try 350 billion guesses per second!

[7] https://www.lastpass.com/password-generator
Step 4 - Research themes and plugins

The Issue

Most of the themes and plugins created for WordPress are created by third-party individuals and companies. These themes and plugins come in both free and premium versions. They come with varying degrees of support. Wordpress.com permits their ‘Business Plan’ customers to upload third-party themes and plugins. They recommend that “site owners should be careful to install only reputable plugins and themes”.

Not all themes and plugins perform the same. Some are built for efficiency and speed; others tend to slow a website down. There are examples of some themes and plugins containing malicious code that permits hackers to take over a website. While the coders at WordPress have caught some of these themes and plugins, with over 11,000 themes and 50,000 plugins available for download, it is nearly impossible to individually check all of them.

The Solution

When choosing themes and plugins, only select those that are updated often, are tested with the latest WordPress version, are from popular authors (such as Automattic [8], Yoast [9], and OceanWP [10]), have many active installations, and have lots of positive reviews. We have also used themes from Elegant Themes [11], Theme Forest [12], and Themeisle [13].

Some themes work well right out of the box, but others require some tweaking to make the theme display properly. Some themes are compatible with some plugins, while others are not. We recommend using a testing server to rigorously test different themes and plugins for functionality and compatibility before uploading them to a live web server. Never install a theme or plugin on your live site without testing. We test all our WordPress websites on a testing server before migrating to a live server.

Take your time trying a new theme or plugin. Run a series of tests to ensure that your website functions properly. Ask yourself whether you really need the theme or plugin. If you can get by without it, simply don’t install it.

In the image below, notice the number of reviews and number of installations for the Yoast SEO plugin. This is indicative of a good plugin to use. The second image shows some popular themes.

[8] https://automattic.com/
[9] https://yoast.com/
[10] https://oceanwp.org/
[11] https://www.elegantthemes.com/
[12] https://themeforest.net/
[13] https://themeisle.com/
Step 5 - Use a child theme

The Issue

WordPress uses a theme concept to permit website owners to change the look and feel of their website. Themes provide functionality to the website. In order to change certain features of a theme, some owners directly edit the core theme files. Whenever the theme author releases an update, the website loses all the changes because the update overwrites the files in the theme folder.

Anyone viewing the source code of your WordPress website can easily tell which theme the website uses. Hackers take advantage of security holes in certain older themes.

The Solution

Create a child theme as an add-on to the current theme. A child theme inherits the functionality and security of the parent theme. With a child theme, you can add additional functionality and security. You can customize the child theme without editing any of the core files in the parent theme. Whenever the parent theme is updated, you won’t lose the enhanced functionality and security added by your child theme.

Creating a WordPress child theme requires knowledge of HTML, CSS, and PHP. You will also need a code editor for editing the files. We recommend testing your child theme on a local web server so that you can solve any issues before activating the child theme on a live web server.

Have a look at the code for Target Pulse [14]; you will notice that the theme used is a custom theme. This makes it harder for hackers to target the theme because they don’t know which parent theme the website uses.

[14] https://pulse.target.com/
Step 6 - Make regular backups and test them

The Issue

Websites contain numerous static files that live on a web server (images, PDF files, web code, etc.). WordPress websites use a database for storing most of the information required to dynamically create the website pages. WordPress websites change over time as owners update content, add new posts, upload images, install updates, and change plugins. These modifications take time.

Sometimes, web servers fail. Hardware gives out, memory fails, or computers stop working after an update. Other times, an update will conflict with the system, causing WordPress to stop working. This typically occurs when adding or updating themes and plugins. When this happens, your website becomes unusable and your business loses money. Visitors stop buying from your website, or they can’t find your website and move on to a competitor’s website. To get your website up and running again, you must reinstall WordPress from a backup.

The Solution

Use a WordPress plugin such as BackupBuddy [15] to create automated backups. We use the premium version of BackupBuddy to create regular backups to our DropBox [16] account. We have different schedules and different backup types for the websites we manage. For instance, a popular online store will get backed up more often than a static website because the database for an online store changes more often than a static website database.

The frequency of backing up your website may be different. A key question to ask is how much data can you afford to lose? Can you afford to lose an hour, a day, or a week’s worth of data?

At Majaid Web Solutions, we also use the premium version of the All-in-One WP Migration [17] plugin for moving websites between hosts. For example, we design and develop a website on our testing server and use All-in-One WP Migration to move the website to a live web server. All-in-One WP Migration also creates a backup of the website each time it runs. This allows us to download these backups to our computers for double protection. If one backup fails, we have an alternate we can use to restore a website.

Always remember to test restoring from your backup. It is too late, when trying to recover your website, to discover that your backup does not work! We regularly test backups on our test server.

The first image below depicts a backup created four weeks ago. Can the website owner recreate the 1.35 GB of data quickly if the backup fails? In the second image, the website owner has completed 3127 edits since the last backup. Can the website owner remember all these changes?

[Image: backup created four weeks ago]

[Image: 3127 edits since the last backup]

[15] https://ithemes.com/purchase/backupbuddy/
[16] https://www.dropbox.com/
[17] https://en-ca.wordpress.org/plugins/all-in-one-wp-migration/
Step 7 - Stop hackers from accessing your website

The Issue

The best way to keep hackers out of your WordPress website is to prevent them from accessing it. Most secure websites use a web application firewall (WAF) to control incoming and outgoing traffic. The WAF protects the website from hacker attacks. But WordPress does not come with a WAF.

The Solution

Recognized as the most downloaded security plugin, the premium version of Wordfence [18] adds a firewall, includes a malware scanner, uses real-time threat defense, monitors the website to ensure that it is not generating spam, blocks intrusion attempts, displays live traffic monitoring, and watches the website for changed files.

Wordfence security starts by installing a firewall on your web hosting server. This firewall runs in the background, automatically detects malicious traffic (using a list from a continuously updated database) and blocks this traffic from accessing your website.

[18] https://www.wordfence.com/
Step 8 - Scan for unauthorized file changes

The Issue

When hackers gain access to your website, they typically add, change, or delete files. Whenever someone modifies the files that make up your WordPress installation, it would be nice for the system to notify you about the changes. Then you could check the changed files to see if there is malicious code hidden in them. If the files have malicious code, then you can take steps to remove it. Out of the box, WordPress does not provide this functionality.

The Solution

Wordfence contains a malware scanner which compares the WordPress files on your website with the original core WordPress files. The software informs you of any files that do not match, so you can check them for unauthorized changes. The image below shows the location of the button to start the malware scanner. Run the scanner on a regular basis to detect any unauthorized file changes.
Step 9 - Limit login attempts

The Issue

The default WordPress installation allows users to try to login as many times as they wish (even if they use incorrect usernames or passwords). This leaves the website open to hackers using multiple attempts to guess your username/password combination. Using a brute force attack, hackers will continuously attempt to access your website using different usernames and passwords. Most often, they will use the same username over and over. All they change is the password.

The Solution

Limit the number of failed login attempts. If a hacker uses the same username with different passwords over a given period, have Wordfence lock the account for a set period. This slows hackers down as they must try a different username.

Set a limit for the number of failed login attempts. Increase the length of time the username is barred from logging in again. Reduce the number of failed login attempts for usernames such as ‘admin’ and ‘administrator’. We recommend the following settings.
Step 10 - Use Two-Factor Authentication

The Issue

WordPress uses the standard username/password combination to control logins. Banks, government agencies and militaries use additional login security to control logins to their systems. These additional login security systems use two-factor authentication (i.e. something you know and something you have).

The way two-factor authentication works is to use something you know (your username and password) and something you have (normally a smartphone). When you login using two-factor authentication, your WordPress website will send a code to your smartphone that you must use in combination with your username and password.

The Solution

The premium version of Wordfence adds two-factor authentication to your WordPress website. Once installed and set up, you add the usernames you want to use two-factor authentication. Then, whenever that user tries to login, the website will send a code to their smartphone. The user adds a space after the password, then types the letters ‘wf’ followed by the code sent to the smartphone.

For example, let’s say the user has a password of ‘wordfence’ and the website sent the code ‘123456’. The user would then enter the following in the password field:

wordfence wf123456
Step 11 - Change login URLs

The Issue

Every WordPress administrator knows that to login to WordPress, all they need to do is enter the following in the address bar of their web browser.

http://mydomain.com/wp-admin

The following also works.

http://mydomain.com/wp-login.php

The issue is that hackers know this as well. They will continuously attempt to access the backend of your WordPress website using the same URLs. What would happen if instead of seeing your website login page, they received a 404 page not found error? This is the premise behind moving your login page to a different URL (i.e. a new location on your website).

The Solution

Change the /wp-admin/ directory to something like /hide-me/. This will hide the files and directories from would-be hackers. When they try the normal login files, they will receive a 404 Not Found error.

Don’t change the location of your login directory manually. WordPress will recreate the default login the very next time you install core updates. Also, manually moving the directory location will not update your website database. Use the WPS Hide Login [19] plugin to do this for you.

[19] https://wordpress.org/plugins/wps-hide-login/
Step 12 - Remove editor access

The Issue

WordPress permits users with the Administrator role to directly edit the files of all installed themes. This may sound like a good capability to have for making quick changes to a live website. But consider what could happen if a hacker gained access to your WordPress backend and began editing the files of your website. A hacker could take over your website and run malicious code (the most prevalent malicious code is Bitcoin mining). You probably would not notice the change in code (unless you run a website code change monitoring tool). Visitors may see a slowdown of the website, but it would still function the same.

The Solution

Disable access to the code editor on your website. By removing the ability to directly edit the core theme files, hackers will have a harder time installing malicious code on your website.

To disable the editor, add this line to your functions.php file (located in the root directory of your theme folder):

define( 'DISALLOW_FILE_EDIT', true );
Step 13 - Disallow memberships and comments

The Issue

WordPress allows visitors to your website to register as a user. Visitors create a user account by adding /wp-login.php?action=register to your website domain. Depending on the default user role set in your dashboard, visitors can add posts, add pages, add comments to posts, and perform other actions.

There are two problems associated with user registrations. The first problem is that hackers can use a system of escalating privileges to give them increased capabilities on your website. The second problem is spammers use their user credentials to flood your website with spam. This forces you to spend a considerable amount of time monitoring and deleting the spam.

The Solution

If you don’t need visitor registrations, we recommend disabling memberships. To turn off memberships, clear the ‘Anyone can register’ checkbox found on the dashboard under Settings > General.

[Image: Settings > General, ‘Anyone can register’ checkbox]

If you must have memberships enabled (i.e. for websites such as online stores and subscription websites), ensure you only permit members to have the minimum required credentials. For example, never permit new members to have the Administrator role.

Also, check the settings in the dashboard under Settings > Discussion. To disallow user commenting, ensure you turn off the “Allow people to post comments” checkbox. Set the “Automatically close comments on articles older than __ days” to 0. Check both the “Email me whenever” check boxes. Check the “Comments must be manually approved” checkbox. And remove the check from the “Comment author must have a previously approved comment” checkbox.

If you must permit user comments, ensure you use a spam filter such as the Akismet [20] plugin.

[Image: Settings > Discussion]

[20] https://en-ca.wordpress.org/plugins/akismet/
Step 14 - Remove WordPress version info

The Issue

A WordPress website displays the version number in the source code of each web page. Hackers know which versions have vulnerabilities and they look for websites with certain version numbers. Once found, they target them using known hacking techniques.

The Solution

Check the source code of any page from your WordPress website. Search for a line that starts with ‘
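As an added example (not code from the guide), this is the standard way to stop WordPress printing its version from a child theme’s functions.php; the function name majaid_example_strip_core_version is hypothetical.

```php
<?php
// Added example, not the guide's own code. Place in the child theme's
// functions.php. WordPress prints its version in every page <head> as
// <meta name="generator" content="WordPress x.y.z" /> via wp_generator(),
// and the same string in RSS/Atom feeds through the 'the_generator' filter.

// Drop the <meta name="generator"> tag from the HTML head.
remove_action( 'wp_head', 'wp_generator' );

// Blank the generator string wherever else WordPress renders it (feeds).
add_filter( 'the_generator', '__return_empty_string' );

// Core scripts and styles are enqueued with ?ver=<WordPress version>, which
// reveals the same number; strip that query argument from core assets only.
// Hypothetical helper name.
function majaid_example_strip_core_version( $src ) {
    $wp_version = get_bloginfo( 'version' );
    if ( false !== strpos( $src, 'ver=' . $wp_version ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'majaid_example_strip_core_version', 10, 1 );
add_filter( 'script_loader_src', 'majaid_example_strip_core_version', 10, 1 );
```

Hiding the number only removes an easy fingerprint; the updates in Step 19 are what actually close the vulnerabilities.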
Step 15 - Change the login error message

The Issue

By default, WordPress shows error messages when someone enters either an incorrect username or a wrong password on the login page. While these hints might be helpful to a WordPress user, they also assist hackers. Hackers use these error messages to guess a username, user email address, or their password. The default error hint messages tell a user that the login name is incorrect or, even worse, that the login name is correct but the password is wrong. Armed with this information, hackers launch a more focused attack on your WordPress website.

[Image: default WordPress login error message]

The Solution

Add the code below to the functions.php file to change the default error message users see whenever they enter the wrong user login information.

Here is the error message displayed once the code is added to the functions.php file. Note that it doesn’t reveal any hints.
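The guide’s own snippet is not reproduced on this page, so here is an added example (not the guide’s code) of the usual way to do this: WordPress passes every error string shown on the login screen through the login_errors filter. The function name majaid_example_generic_login_error is hypothetical.

```php
<?php
// Added example, not the guide's own code. Place in the child theme's
// functions.php. WordPress runs every error it displays on the login screen
// through the 'login_errors' filter, so a single filter replaces the
// "unknown username" and "incorrect password" hints with one message.
// majaid_example_generic_login_error is a hypothetical name.

add_filter( 'login_errors', 'majaid_example_generic_login_error', 10, 1 );

function majaid_example_generic_login_error( $error ) {
    // $error is the HTML WordPress was about to display, for example
    // "<strong>Error</strong>: The password you entered for the username
    // admin is incorrect." It is discarded on purpose: the message shown
    // must not depend on which part of the login was wrong.
    return 'Login failed. Please check your login details and try again.';
}
```

The lost-password form reports its errors through the same filter, so its “no account with that address” hint is replaced as well.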
Step 16 - Force users to use their email address to login

The Issue

Out of the box, WordPress permits users to use either their email address or their username to login. Usernames are easy to detect using a process called user enumeration. The way user enumeration works is that WordPress assigns a unique id to each user. The administrative user is normally assigned the unique id of 1. All a hacker has to do is add the line “?author=1” to the end of the website domain name and WordPress will return the username associated with the id of 1.

[Image: ?author=1 request]

[Image: resulting author page showing the username]

The Solution

Add the following code to the functions.php file to force users to log in with their email address and not their username. This is a lot of code, so pay attention when typing it. Ensure that you enter all the special characters correctly.
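The guide’s own code is not reproduced on this page; the following is an added example (not the guide’s snippet) that relies on core’s built-in email handler, assumes WordPress 4.5 or newer, and goes one step beyond the guide by also refusing the ?author=N request described above. All majaid_example_* function names are hypothetical.

```php
<?php
// Added example, not the guide's own code. Place in the child theme's
// functions.php. Assumes WordPress 4.5 or newer, where core already hooks
// wp_authenticate_email_password() on the 'authenticate' filter, so only
// the username-based handler has to be removed. Function names are hypothetical.

// 1. Stop WordPress accepting a username + password pair. Core registers
//    wp_authenticate_username_password() at priority 20 on 'authenticate'.
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );

// 2. Return a clear error when the login field holds something that is not
//    an email address. Priority 30 runs after core's own handlers.
add_filter( 'authenticate', 'majaid_example_require_email_login', 30, 3 );
function majaid_example_require_email_login( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        return $user; // another handler (email, cookie, app password) succeeded
    }
    if ( ! empty( $username ) && ! is_email( $username ) ) {
        return new WP_Error( 'email_required', 'Please log in with your email address.' );
    }
    return $user; // leave other errors (wrong password, empty fields) untouched
}

// 3. Relabel the login form field so users know what to type.
add_filter( 'gettext', 'majaid_example_login_label', 10, 3 );
function majaid_example_login_label( $translation, $text, $domain ) {
    if ( 'default' === $domain && 'Username or Email Address' === $text ) {
        return 'Email Address';
    }
    return $translation;
}

// 4. Beyond the guide's solution: answer ?author=N requests with a 404 instead
//    of the canonical redirect to /author/<username>/ that reveals the name.
//    Priority 1 so it runs before redirect_canonical() (priority 10).
add_action( 'template_redirect', 'majaid_example_block_author_query', 1 );
function majaid_example_block_author_query() {
    if ( ! isset( $_GET['author'] ) ) {
        return;
    }
    global $wp_query;
    $wp_query->set_404();
    status_header( 404 );
    nocache_headers();
}
```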
Step 17 - Disable trackbacks

The Issue

Pingbacks and trackbacks notify you when your content is linked to from another website. Via trackbacks, hackers can cause massive distributed denial-of-service (DDoS) attacks or could use other “clean” WordPress sites to harm your website.

The Solution

Disable this feature by going to Settings > Discussion and then uncheck the “Allow link notifications from other blogs (pingbacks and trackbacks)” option. In the image below, you will see the location of the checkbox to clear.

[Image: Settings > Discussion, “Allow link notifications from other blogs (pingbacks and trackbacks)” checkbox]
Step 18 - Change your salt keys

The Issue

WordPress stores the login information for all registered users in a database. The database stores the information in plain text. If hackers gain access to your database, then they would have access to all the login passwords. WordPress uses a system known as “Salt Keys” to combine the password with the salt key to produce a string that can be saved as plain text. This system makes it very difficult for hackers to discover your passwords. If you think that your salt keys are compromised, then you should change them immediately.

The Solution

Visit the WordPress Salt key generator [21] to get your unique set of salt keys. Here is a sample set of salt keys generated by the WordPress salt key generator.

[Image: sample set of salt keys]

To add the keys to your website, copy and paste the salt keys to your wp-config.php file.

[Image: salt keys in wp-config.php]

[21] https://api.wordpress.org/secret-key/1.1/salt/
Step 19 - Update core installation and plugins

The Issue

WordPress is open source software. This means there are a lot of people providing input (and writing code) to keep WordPress running efficiently. WordPress releases software updates for three main reasons.

1. To fix security holes,
2. To fix errors, and
3. To improve performance.

Theme and plugin authors release updates for the same reasons. Without a regular updating schedule, many WordPress owners run older versions of the core software, themes, and plugins. Hackers know which versions of WordPress, themes, and plugins they can target to take over a website. They will exploit these vulnerabilities to the fullest.

The Solution

Update your WordPress core software, themes and plugins on a regular basis. Running older versions of WordPress, themes and plugins increases the risk of hackers breaking into your website. This is particularly true for known security vulnerabilities. 34% of all WordPress websites are using a non-current version of WordPress.

Login to your WordPress dashboard and select the Updates link. You should test any available updates on a test server. It is too late after you install updates on your live server only to discover that your website no longer works properly.

While you are logged in to your dashboard, remove any themes and plugins that you are not using.
Step 20 - Read the Blogs

The Issue

WordPress security is not a set-it-and-forget-it process. WordPress security is an ongoing concern. The best way to stay on top of WordPress security is to read the blogs.

The Solution

The WordPress blog [22] provides an excellent way to stay up to date on WordPress security issues. Read the regular blog posts and the Security category to gain knowledge of recent security issues. You can also subscribe to their mailing list to receive updates directly to your email inbox.

Also read the blog at iThemes [23]. We also regularly read the security blog at Wordfence [24].

[22] https://wordpress.org/news/
[23] https://ithemes.com/blog/
[24] https://www.wordfence.com/blog/
Check your WordPress website to see if it is vulnerable to any security issues. Fix those issues immediately! For the security issues that you are not comfortable fixing, contact a WordPress expert. They will help you lock down your website.

WordPress security is very important to keeping hackers out of your website.

Thanks for reading.

Need help with your WordPress security? Let’s chat!
About Majaid Web Solutions

Majaid Web Solutions is a veteran-owned and operated WordPress website design and development company. We believe that every business website should be attractive and functional. We work closely with clients to design the business website they need.

What we do

We take your ideas and transform them into a great looking website. We build your website with one goal in mind, to help you get more business. We start with WordPress as the foundation, apply additional security, and then we add extra features such as eCommerce and Search Engine Optimization. All our websites are mobile friendly. And yes, we do custom builds to give your website a unique look and feel.

Why choose us

We design websites to help your business succeed. When your business succeeds, we succeed because most of our work comes from client referrals. We take care of the website, so you don’t have to worry about it. You can focus on running your business. We want to build long-term relationships with our clients. We’re here when you need us.

To contact us:

Visit our website: https://www.majaid.com/
Call/text: 1-403-632-6037
Email: barry.harris@majaid.com

Follow Us:

Facebook: https://www.facebook.com/majaidwebsolutions
Twitter: https://twitter.com/MAJAID_Web
LinkedIn: https://www.linkedin.com/in/majaid