We think WordPress Rocks! but everyone knows someone who’s had their WordPress site hacked and in years gone by it was a fairly common issue but in the modern era there is simply no excuse for that to happen anymore. In fact we’ve gotten so good at protecting WordPress for our clients we are the first hosting company to offer a money back guarantee that your WordPress site will never be hacked again.
What’s changed? 4 things:
- Updates are now automatic, this was once the biggest issue with WordPress, but modern hosting platforms have matured to where they now include automated updating of WordPress core files, plugins, themes, and security best practices. If you’re not doing this you should be, if your hosting provider doesn’t offer this then you should find one that does! In the past some people have argued that this method isn’t ideal as it has been known to break some plugins (most often poorly coded custom plugins). Historically this was only an issue for a very small number of websites (and effectively none that were using standard well supported plugins).
- Threat Mitigation has advanced greatly, to the point that by using a combination of advanced Firewalling techniques attacks on WordPress are relatively easy to identify and mitigate. This is very much a hosting provider’s job and should be part of any secure hosting plan, it can also be done to some degree with plugins like Wordfence however they are not as effective as multi-layer network security management done well.
- WordPress Community is stronger than ever, today there are so many options for well written & secure plugins & themes that for 99% of all websites created using WordPress should be secure be default. Years ago there may have been a case for custom plugin development but those days are pretty much gone now. If your developer is suggesting this, you may want to get a second opinion from one of our trusted Web Developers.
- Failsafe measures are easy to have in place, in the case that the worst were to happen then you should be able to easily restore your site without too much trouble. In some cases this can be done with a plugin like backup buddy or by way of the hosting platform if they allow scheduled backups but in our case we’ve built our advanced cloud backup right into all our shared hosting servers so that we can offer never fail mult-geo node disaster recovery without having to do anything at all.
If your WordPress site has been hacked we’ve made this guide to help you clean it: How to recover a hacked WordPress Website We also offer this procedure as a service through our Website Tune-up package as well as with the Website Lifesaver package
On a related note: We’ve heard all kinds of horror stories over the years and if your Web developer is charging you $300 a year to “Update WordPress” either they have built some very very badly coded custom plugins (that are probably going to get hacked) or they are taking advantage of the fear factor that has risen on this subject over the past several years and we would very strongly suggest they they are not providing you the value that they claim to be as a result.