9 Responses

  1. Goodwin
    September 17, 2013 at 19:38

    Hi Robert,
    may I ask you about the source of statistics?
    Thank you

  2. Jean Galea
    September 17, 2013 at 21:57

    Excellent lowdown on WordPress security Robert, I’m sure many will find it useful. I’ll take the opportunity to remind our followers about our WordPress security lockdown service, through which we secure WordPress websites from the hacking possibilities mentioned above.

  3. hackrepair
    September 21, 2013 at 04:37

    I like your comment about choosing hosting providers. There are a lot of great “WordPress” providers out there with nearly instant customer service and support tailored for WordPress folks.

    WPEngine, TVC.Net and Page.ly are well regarded and good first looks when in need of a fast, responsive, customer-service-oriented host.

  4. James Mowery
    September 27, 2013 at 21:33

    Great post, Robert.

    James from ManageWP here.

    Security is such a problem for WordPress, and it’s clear that the security assault on WordPress isn’t going to stop. It’s just such a popular target to do a massive amount of damage since so much of the Web runs on WordPress. Thanks for writing about this.

    Here’s another post I recently read that opened my eyes that would complement this one (especially if you like stats): Statistics Show Why WordPress is a Popular Hacker Target

    A majority of our customers strongly desire security features, and it’s clearly obvious why. But, interestingly enough, it seems that webhosts, themselves, will likely play a bigger interest/role in securing WordPress on their own servers. Hopefully this results in fewer problems down the line, particularly for newer users who don’t know what they’re doing.

    1. hackrepair
      September 28, 2013 at 00:02

      There are real limits as to what a web host can do. While mod_security rules and the like can be helpful, they may likewise conflict with other clients. So it’s a catch-22 type situation.

      Hosts are about getting and “keeping” their customers. Doing things that may actually cause clients to move out due to ongoing issues are the reason why you will not normally see a shared host “including” NGINX or pre-set mod_security rules and the like.

      That said, most hosts believe that if a client “requires” a greater level of security they are willing to pay for it, in the form of VPS or cloud type hosting services, et al.

      The “Walmart hosts” are keen to sell you their add-ons to improve security, which is why most won’t include security “out of box” because, well, it’s going to hit their bottom line.

      Btw: if you didn’t know this, the “Walmart hosts” don’t make a dime on hosting. It’s the up-sell where they make their money. Reality check...

      Which is why it’s important that when you choose your web host you only choose one where they present and describe security as “their main feature” on their home page. Just Google for “Website Security and Customer Service hosting” to find the cream of the crop hosting wise.

      1. James Mowery
        September 28, 2013 at 00:09

        I agree with most of your points, and it’s exactly the point I was getting to. Which is why, in general, you shouldn’t opt for “Walmart hosts” (kudos for the term) in the first place where you have a real business to run, because the security, in general, is horrid.

        As to your other points, I’m very much aware. Having just attended HostingCon, webhosts realize what they need to do, and there’s no question that there’s going to be a price tag associated with it, because most people (not even yours truly) know the exact proper configurations for a VPS to make it sound and secure. So you either need to hit some lengthy tutorials on security, or you’ll pay for the privilege for someone else to ensure that security matters.

        Firehost is an excellent example of getting what you pay for.

        As for shared, cookie-cutter hosting, they realize that it’s time for them to step up their game, and we’re going to see a lot of innovations in the next couple years on this front. 🙂
