WordPress is not secure, don't use it!

81 replies
I had a conversation with a local webhosting company asking if they can host WordPress and here's the rough conversation:

Me: So can your company host WordPress?
Host: Yes we can but we don't recommend it.
Me: Why?
Host: WordPress is not secured. It is easily hacked and cause problems to the server. We don't recommend it.
Me: Oh I see. So that means you can host WordPress but don't recommend it because it's easily hacked right?
Host: That's right?
Me: But you know that WordPress is the most popular blogging software and yet you don't recommend it because it's easily hacked right?
Host: Correct.
Me: So do you use Microsoft Windows in your office?
Host: Yes, why?
Me: Microsoft Windows is the most popular software on Earth and has the MOST number of virus attacks so why are you using it?
Host: ....

Speechless.

In the end, I get my WordPress hosting for my client.
#secure #wordpress
  • Profile picture of the author chrisdafunk
    surely it's as secure as you make it? if you leave it open to hackers you will get hackers
    • Profile picture of the author Gh0zt
      Originally Posted by chrisdafunk View Post

      surely it's as secure as you make it? if you leave it open to hackers you will get hackers
      Well no, actually.

      Hackers will find a way in if they want a way in.

      The only system truly secure from hackers is one which is not online and has never been connected to the internet and which the hackers have no way to access the machine - otherwise, it can be hacked.

      These days - with the invention of Kali - it's easier than ever for any wanna-be hacker to test your site for exploits then use their toolkits to take advantage of your weaknesses.

      Several security firms and data handling firms have gone bankrupt after being hacked, and I'd assume their security was much tighter than wordpress- which I can exploit myself (and I'm no hacker, but I know a thing or two and have a few pals).

      Keep up to date on info sec news - everything's moving at a rapid pace right now.

      Peace,
      Gh0zt
      • Profile picture of the author JohnMcCabe
        Originally Posted by Gh0zt View Post

        Well no, actually.

        Hackers will find a way in if they want a way in.

        The only system truly secure from hackers is one which is not online and has never been connected to the internet and which the hackers have no way to access the machine - otherwise, it can be hacked.

        These days - with the invention of Kali - it's easier than ever for any wanna-be hacker to test your site for exploits then use their toolkits to take advantage of your weaknesses.

        Several security firms and data handling firms have gone bankrupt after being hacked, and I'd assume their security was much tighter than wordpress- which I can exploit myself (and I'm no hacker, but I know a thing or two and have a few pals).

        Keep up to date on info sec news - everything's moving at a rapid pace right now.

        Peace,
        Gh0zt
        In a way, securing a website is much like securing a home, storefront, or car in the real world. The best defense is to look like a harder, less valuable target than someone else.

        If the time and effort required don't match up with the potential returns, most hackers will move on to easier prey - and there's still a lot of easy prey out there.

        Be like the guy who laced up his running shoes before venturing into bear country. When his companion laughed and told him he couldn't outrun the bear, he replied that he didn't have to. He just had to outrun his friend.
  • Profile picture of the author Tim3
    Lol, that told him Joseph.

    The biggest danger to Wordpress security breaches is the end user
    • Profile picture of the author agmccall
      blah blah blah

      how much do they charge for a non-wordpress website

      al
  • Profile picture of the author affiliatez
    haha, interesting question bro. About hacking, any open source can get local hack by shell, malware inserted, etc,... For good sleeps, build your home at blogspot with 2 tier security wall.
    • Profile picture of the author nicheblogger75
      Originally Posted by affiliatez View Post

      haha, interesting question bro. About hacking, any open source can get local hack by shell, malware inserted, etc,... For good sleeps, build your home at blogspot with 2 tier security wall.
      I really wouldn't recommend building your blog on Google's Blogger platform, especially if it's an Internet Marketing related blog or a blog with affiliate links on it. Blogger has been known to yank blogs out from under people all the time, even if they are well established blogs with lots of traffic coming to them.

      The best long term blogging solution is a self hosted WordPress blog. There are many ways to make it secure. I use Wordfence on my blogs and I also password protect (with encrypted password) all of my "wp-login.php" files. This will usually deter any brute force attacks on your blogs.

      For those who are not password protecting your "wp-login.php" files, I highly recommend you do so. Here is a good tutorial on how to do it:

      Wordpress Login - Brute Force Attack « HostGator.com Support Portal
    • Profile picture of the author Richard Van
      Originally Posted by affiliatez View Post

      build your home at blogspot with 2 tier security wall.
      Yes, nothing like running a business that Google owns for you. :rolleyes:

      I'd rather own my own website and most savvy entrepreneurs know that building a business on a third party platform you don't own doesn't make much business sense.
      • Profile picture of the author ansarahmad22
        It totally depends on your website how you have to make your own website. If you want to make your website secure on the WordPress platform, you can use a domain with "https://" to make your website secure.
      • Profile picture of the author mojojuju
        Originally Posted by Richard Van View Post

        Yes, nothing like running a business that Google owns for you. :rolleyes:

        I'd rather own my own website and most savvy entrepreneurs know that building a business on a third party platform you don't own doesn't make much business sense.
        I don't see that there's anything inherently wrong with using a third party platform. Lots of people use proprietary operating systems like Microsoft Windows or OSX. They don't own those platforms, they are only licensed to use them. But using those platforms to run a business is not the same as saying that Microsoft or Apple owns any business that those platforms are used to run.

        In a similar way, I bet most people don't own their own servers, but that doesn't mean their hosting company owns their business.

        Google doesn't own any business that uses its Blogger platform. I understand why people say that though. It comes from the idea that if a person uses Google's .blogspot.com subdomain, then they are subject to losing their web address due to Googles whim. The same is true if a person hosts a Wordpress web site on a subdomain owned by their hosting company.

        But people have the option to own their own domain (or not) regardless if they use Blogger or if they use a hosting company to run Wordpress.

        Then there's also the issue of who owns the content of a web site hosted on Blogger, or Wordpress. Google does not own content published on Blogger, just as hosting companies don't own content posted on Wordpress blogs hosted on their servers.

        I've heard horror stories of people having their sites shut down on blogger, I'd guess for publishing spammy craptastic content. People also get shut down by their hosting companies. In any case, it's of great importance to maintain regular backups of content.

        The person who wishes to blog on Blogger can do so safely if they have their own domain, and if they keep regular backups which can be imported into a Wordpress blog very easily if they ever need to go that route.

        I'm not a blogger or a Wordpress advocate, but I just wanted to clear up some misunderstandings about blogger.

        If I had to choose between either of those platforms, I'd go with Wordpress, but for others who are not so technically oriented, blogging can be safely done with Blogger provided they use their own domain, and make backups regularly.

        Here's some examples of blogs hosted on blogger where people are doing it right by having a domain name instead of a .blogspot.com subdomain (remember, using subdomains owned by someone else isn't just a bad idea on blogger, it's a bad idea on any host):

        http://www.kellyskornerblog.com/

        http://www.kellehampton.com/

        http://www.thewonderforest.com/

        http://www.aspensummit.co/

        http://www.breakfastattoast.com/

        http://www.livinginyellow.com/
        • Profile picture of the author OnlineStoreHelp
          I have seen a lot of local guys pooh-pooh WordPress and while they use security as an excuse, it is not normally the reason.

          Harder for them to "add value" for a wordpress build out. Much easier for them to charge 3-5k for a "custom" or Drupal or Joomla website than for wordpress.

          Hard for them to charge higher fees for a wordpress hosting. They don't want to become a commodity producer. Don't blame them, but they are being disingenuous about it.

          I have had to fix more Joomla sites that have been hacked than wordpress sites so far. Wordpress hacks are easy, call the hosting provider and they can normally find the offending code and remove it for you.

          Many times clients want to host with their managed service provider that is handling their other IT work so they have someone local to call. It is not something I suggest since you seldom have your own cPanel and need to work within the command line.
  • Profile picture of the author endino
    LOL. The world does not know how much has to do with wp website?
  • Profile picture of the author MoRaitman
    I highly recommend using the Bulletproof security plugin if you do use WordPress. I've used it on a number of websites and it has been installed and updated with the utmost of ease.

    https://wordpress.org/plugins/bulletproof-security/
  • Profile picture of the author salegurus
    Firstly, this probably belongs in the Off Topic forum.

    Why was your client so determined to use this particular host? I mean they are a dime a dozen
    and 99% probably do host WP sites...

    Anyway
    Noddy badge for you Buddy....
  • Profile picture of the author yourstores
    Add the following plugins to wordpress and follow setup instructions for increased security

    Better WP Security

    Captcha

    Limit Login Attempts

    These will help against hackers. Don't forget to make a backup of your site on a regular basis as well just in case.
  • Profile picture of the author thatjc
    Of course you must use a security plugin to protect your WordPress installation from hackers - Duh...
  • Profile picture of the author hustlinsmoke
    Wordpress yes has flaws but it is used so much that it is hard to get around. The coding needed to build a site from scratch and add the secondary scripts is outstanding.
    Wordpress has always been flawed but its open source and that is the way it is.

    You can more than strengthen your wp theme though with plugins to make up for the security flaws in it. Yes and that slows your site down, I know this. Then we go back to too many people use it and its getting more and more expensive to code a scratch script.
  • Profile picture of the author noorahmadmughal
    anything not secure in internet world you have to secure even google big company has weakness
  • Profile picture of the author ron200
    There are many ways to secure it. Some more simple than others. Just google it. I saw a bunch of stuff about security in a online wordpress course I am taking.
  • Profile picture of the author workoutstuff1
    That was hilarious!

    I guess it just goes with the territory. When a CMS becomes popular, it also becomes the most hacked software as well. Such is life!
  • Profile picture of the author hustlinsmoke
    Yes if it can be coded it can be hacked. Coders are hackers and hackers are coders.
    • Profile picture of the author PCH
      Guys,

      if I have a cryptic sequence containing alpha/numeric/small/caps/symbols for both my username and my password, is that secure?

      Should I routinely have additional security installed on my WP site - such as the 'Better WP Security' plugin mentioned a few posts back?

      Whaddya think?
  • Profile picture of the author pewpewpewmonkeys
    PCH, having a good username and password is more secure than having poor usernames and passwords.

    Yes, you should have other security measures.
  • Profile picture of the author IMGem
    PC Also get viruses so let's not use it ;-)
  • Profile picture of the author joseph102
    LOL Hi Five.. You really embarrassed him
  • Profile picture of the author RobinInTexas
    Ask the hosting guy if they ever shopped using a credit card and if they ever heard of Target.
  • Profile picture of the author digitalproducts
    If one takes reasonable steps to secure WordPress sites, no one can hack them.
  • Profile picture of the author spearce000
    What does he recommend, then? A web1.0 html site made with FrontPage, perhaps? Of course they never get hacked. :rolleyes:
  • Profile picture of the author Istvan Horvath
    I just don't understand what is it so special about hosting WP that one has to ask a host about it. Any hosting service with PHP and MySQL is good for WordPress. And nowadays is difficult to find a decent host that doesn't offer those...
  • Profile picture of the author Humbee360
    Funny story, Security is really up to the Hosting company and the account operator, just like others have said, anything can be hacked given the time and opportunity, the best thing you can do with any security related question is to do everything you can to make your self a smaller target, most of the time hackers move on to the low hanging fruit.
  • Profile picture of the author Mark Brian
    Sorry but I have to agree with the web host on this. The existence of several security plugins further proves this. Plus the nature of plugins is really scary, anyone can write plugins and some plugin authors don't really take security a priority. They can in fact leave it alone and update only when they please. The issue is the same with other CMS like Joomla, etc.

    The concern of the web host is 100% valid. Unless it is a managed WP hosting (meaning they take care of security updates for you), then the average user is most likely running or will run an unsecure WP installation. Keeping software secure is not really a one-time thing. Pro-active maintenance and backups is key.
  • Profile picture of the author johnben1444
    I'm not surprised, it's something one of those baby hosting can do, they have no clue.
  • Profile picture of the author melvinsh
    Wordpress is the Google of site builders.
  • Profile picture of the author Rappostion
    Nothing is secure nowadays! It is your job to secure your site!
  • Profile picture of the author Joseph Then
    I'm glad that some of you see the point that I'm making. The rest doesn't seem to see the point... Duh!
  • Profile picture of the author ABN
    Catchy title

    WP is going to be as secure as the environment it operates on. Sure, there are security holes that pop up, and get patched. Just like any other system/software.

    That host you had the funny chat with, they don't seem confident in their ability to operate a secure service. Move on...

    Just a few tips for anyone reading:

    - Use strong user/pass for all hosting/WP logins
    - Keep theme and plugins current, get rid of any not updated in long time
    - Consider password protecting /wp-admin or apply ip restriction
    - Install extra security plugins
    - Get new host if above does not help
  • Profile picture of the author seobro
    Well, we do agree. It is not secure. Also, it uses a lot of resources. Newbies do like WordPress. That is because it is easy to set up. However, straight HTML is easy on servers. Getting a lot of traffic on a WordPress site means that you're gonna need a massive server with a lot of processing power. Remember that you are in this business to make money. Try to minimize expenses.
  • Profile picture of the author Ghoster
    Any system is insecure if you use it wrong.
  • Profile picture of the author vikash_kumar
    Hi Joseph,
    Thanks for sharing a very interesting conversation.

    Someone has rightly said in the comments above that why to ask such a question in the first place as any hosting service which has PHP and MySQL easily qualifies for WordPress site hosting.

    At the same time, One should be very careful before using such a company which has a biased support staff and does not know all aspects of a best known blogging platform of the world. I doubt the technical abilities and about future technical support from this particular hosting company.

    My recommendation....Don't purchase hosting from them.

    Regards,
    Vikash
  • Profile picture of the author awsproduct
    Hahahaha, WordPress is strong! As you know, don't worry, just keep updating it!
  • Profile picture of the author serprider
    Atomix Security Linux ftw... Don't waste your time on stupid plugins.
  • Profile picture of the author Lloyd Buchinski
    Well, there is an interesting problem with Wordpress. It is being used as a botnet.

    Wordpress hack connects users to botnet | News | TechRadar
  • Profile picture of the author DubDubDubDot
    WordPress is the least secure of the popular platforms. Drupal is the most secure. However, as with anything, there are trade-offs for users.

    WordPress is very newbie friendly, but the platform itself, the themes and the plugins are often hacked since they are written almost exclusively by amateur level developers. Drupal has a more professional base and is thus more secure, but newbie users may be frustrated by what seems like a lack of easy options.

    That perfect blend of security and ease of use simply does not exist and never will.
  • Profile picture of the author jessicah
    I have been using Wordpress for a long time and I never had any problem of that kind. Plus, there are plugins you can use to secure your account, so everything's safe.
  • Profile picture of the author TheCodex
    Originally Posted by Joseph Then View Post

    I had a conversation with a local webhosting company asking if they can host WordPress and here's the rough conversation:

    Me: So can your company host WordPress?
    Host: Yes we can but we don't recommend it.
    Me: Why?
    Host: WordPress is not secured. It is easily hacked and cause problems to the server. We don't recommend it.
    Me: Oh I see. So that means you can host WordPress but don't recommend it because it's easily hacked right?
    Host: That's right?
    Me: But you know that WordPress is the most popular blogging software and yet you don't recommend it because it's easily hacked right?
    Host: Correct.
    Me: So do you use Microsoft Windows in your office?
    Host: Yes, why?
    Me: Microsoft Windows is the most popular software on Earth and has the MOST number of virus attacks so why are you using it?
    Host: ....

    Speechless.

    In the end, I get my WordPress hosting for my client.
    What if he was running Ubuntu? What would have been your witty closing remark? lol
    • Profile picture of the author jamalexa2819
      Originally Posted by TheCodex View Post

      What if he was running Ubuntu? What would have been your witty closing remark? lol
      Ubuntu isn't any more secure than any operating system. The code is out there for anybody to use. Linux has been attacked in the past but for hackers the question becomes - what's the fun, I got the code there is nothing to crack. A lot of WP sites run on Linux servers. I know because I look to Linux for their dependability. And most of the servers that run the Net are Linux/Unix based.
      • Profile picture of the author TheCodex
        Originally Posted by jamalexa2819 View Post

        Ubuntu isn't any more secure than any operating system. The code is out there for anybody to use. Linux has been attacked in the past but for hackers the question becomes - what's the fun, I got the code there is nothing to crack. A lot of WP sites run on Linux servers. I know because I look to Linux for their dependability. And most of the servers that run the Net are Linux/Unix based.
        ORLY?

        https://www.gov.uk/government/collec...urity-guidance

        Summary: CESG, the UK government's arm that assesses operating systems and software security, has published its findings for 'End User Device' operating systems. The most secure of the lot? Ubuntu 12.04.

        Originally Posted by gchq.gov.uk

        The Communications-Electronics Security Group (CESG), the group within the UK Government Communications Headquarters (GCHQ) that assesses operating systems and software for security issues, has found that while no end-user operating system is as secure as they'd like it to be, Ubuntu 12.04 is the best of the lot.
        Please, I'd love more anecdotal evidence from you though...
    • Profile picture of the author Dani78
      Sure you can make it more secure,
      and backup everything just in case.
    • Profile picture of the author vikash_kumar
      Originally Posted by brutecky View Post

      Nothing is secure. Any website can be hacked.
      This simple sentence is very important. Any Website can be hacked and nobody can give any guarantee against Hacking as such.

      One can only take some actions to reduce the chances of being hacked & WordPress as such is not different when it comes to hacking as well.
      • Profile picture of the author igorGriffiths
        Any site is insecure when it becomes attractive to a determined attacker just ask your government if you are in any doubts about that statement.

        Thus as others have pointed out there are simple steps you can make to increase site security.

        Do not use any default installation settings for your site, the database name, table name, user name and many more.

        Install one of the many security plugins that exist

        Create a schedule to backup your site on a regular basis and most importantly actually do it!

        And finally do not make your site insanely secure because then it may just become worth attacking!
  • Profile picture of the author Karol Z
    Even if not secure, the amount of time you save by not having to code deep into html and the comfort of being able to use a theme beats the insecurity.
  • Originally Posted by Joseph Then View Post

    I had a conversation with a local webhosting company asking if they can host WordPress and here's the rough conversation:

    Me: So can your company host WordPress?
    Host: Yes we can but we don't recommend it.
    Me: Why?
    Host: WordPress is not secured. It is easily hacked and cause problems to the server. We don't recommend it.
    Me: Oh I see. So that means you can host WordPress but don't recommend it because it's easily hacked right?
    Host: That's right?
    Me: But you know that WordPress is the most popular blogging software and yet you don't recommend it because it's easily hacked right?
    Host: Correct.
    Me: So do you use Microsoft Windows in your office?
    Host: Yes, why?
    Me: Microsoft Windows is the most popular software on Earth and has the MOST number of virus attacks so why are you using it?
    Host: ....

    Speechless.

    In the end, I get my WordPress hosting for my client.
    Wow, very good conversation

    simple logic can sometimes be tricky to answer questions...
  • Profile picture of the author Jtraits
    probably their security sucks and most of their servers are getting hacked or DDoS and can't afford fixing it all the time
  • Profile picture of the author jasonvthomas
    Wordpress is not secure as it is.

    Its your job to secure it using plugins.

    Here are three protection levels
    1. Use better wp security, just go through their checklist and make sure everything is in green and your site is protected.

    2. Use updraft plus plugin to keep uploading your website and the database automatically at set intervals in case of emergency.

    3. Frequently do the complete website backup known as the "cpmove" file from your Cpanel webhosting panel so that, if any problems this file will restore your site into any other Linux hosting very easily. Just upload the file somewhere and inform the support staff to restore the website.
  • Leave the door open you will have many coming in close the doors there will be no one coming in it is all your choice to safe or not all up to you.
    • Profile picture of the author rhinocl
      You need to practice security in proportion to the value of your content. No need to drive yourself crazy protecting a 4 page blog that has no customizations and is using the default theme.
      Just make sure you always have a full backup-the type that your hosting company can restore everything for free from, and keep a couple copies off site.
      • Profile picture of the author JohnMcCabe
        Originally Posted by Istvan Horvath View Post

        I just don't understand what is it so special about hosting WP that one has to ask a host about it. Any hosting service with PHP and MySQL is good for WordPress. And nowadays is difficult to find a decent host that doesn't offer those...
        I think a lot of it has to do with several hosting companies marketing "Wordpress hosting" at premium prices. They try to scare people into buying their flavor of specialized hosting.

        For those of you still worried about security, you can take a big step forward by NOT using the fantastico install. It may be one-click easy, but that convenience opens up several possibilities for hackers. For a start, the database and db usernames use a standard format. Use the five minute manual install, and choose database and db usernames that are hard to crack, just like choosing secure passwords.

        Use a complicated name for the admin account, and set up a separate account to actually post under. Choose and use a secure password to log in, and change the password from time to time.

        As others have said, no system is totally secure. But, like securing your house or car, if you make things tough enough for the would-be hacker, they'll pass you by for easier pickings.
  • Profile picture of the author vishwa
    I think it is not a fact or logic that has been interpreted by the hosting company. It is not only WordPress that is unsecured; even human life does not have foolproof security.
    Signature

    Blogging Tips & Tricks @ https://blogwithvk.com

  • Profile picture of the author ddev
    I love WP, but the problem is that some plugins can open unwanted doors.

    Unfortunately, some plugins are not well coded and don't contemplate that a visitor can also be a user (I've found some problems with different plugins and membership plugins - the users were able to get access to the settings of the plugin).

    Lesson Learned: When using a membership plugin, I create a dummy account to test things at the user level and see whether any of the plugins is exposing its interface to the end users.
    Signature
    [2016] WordPress Plugins With PLR
    The Secret Site Used By TOP Marketers!


  • Profile picture of the author Tom Brownsword
    What are your risks?

    Wordpress itself? Actually, it's fairly good. It's open source and you have an army of very talented people looking for ways to both make it better and make it more secure.

    Plugins and themes? Issues. Only buy them from companies that actively support their products. Be very careful with anything "free" and anything sold by vendors that appear to be simply out to make a quick buck.

    Hosting. Got shared hosting? As I learned the hard way, if one account on a server gets popped, it's trivial for a good attacker to pivot and pop ALL of the sites on the server. Choose carefully or (even better) get some kind of dedicated server.

    It all comes down to risk management. What are your risks for hosting a WordPress site? Have you identified them? Have you come up with a plan to mitigate the risks? You can never fully mitigate all of your security risks and you must accept any residual risks that you either can't -- or decide not to -- mitigate.

    Of course, anything that has to do with computers or Internet has security risks and WordPress most definitely is no exception. But if you properly manage your risks, you can live with it.

    HTH,
    Tom

    P.S. -- Don't forget to click that "update" button in the WP admin panel any time you see it, and backups are always your friend!
    Signature

    Tom Brownsword, CISSP®, GCIA, ITILv3
    Certified Computer Security Pro
    http://ProtectorSupport.com
    http://BusinessActionSteps.com
    ------------------------------

  • WordPress is a living project; it continues to grow. WordPress is the most updated CMS compared to others, which can give us comfort in terms of security.

    Updates on a regular basis are what assure us that the WordPress community continues to grow.
    It also makes theme and plugin developers continue to innovate.

    Security issues are a logical consequence of being a very famous CMS, so don't ever hesitate to reject suggestions from a hosting company that does not recommend WordPress for you :p
    Signature
    Professional Animated Banner HTML5 Designer
    Make Your Banner Ads More Clickable
  • Profile picture of the author Pedro Lopes
    The most popular and the most used is naturally gonna be the most hacked..

    Great post though!

    Cheers!
    Pedro
  • Profile picture of the author jims45
    I use the WP plugin "BulletProof Security"; it has a very good rep!
  • Profile picture of the author davidaclark
    Originally Posted by Joseph Then View Post

    I had a conversation with a local webhosting company asking if they can host WordPress and here's the rough conversation:

    Me: So can your company host WordPress?
    Host: Yes we can but we don't recommend it.
    Me: Why?
    Host: WordPress is not secured. It is easily hacked and cause problems to the server. We don't recommend it.
    Me: Oh I see. So that means you can host WordPress but don't recommend it because it's easily hacked right?
    Host: That's right?
    Me: But you know that WordPress is the most popular blogging software and yet you don't recommend it because it's easily hacked right?
    Host: Correct.
    Me: So do you use Microsoft Windows in your office?
    Host: Yes, why?
    Me: Microsoft Windows is the most popular software on Earth and has the MOST number of virus attacks so why are you using it?
    Host: ....

    Speechless.

    In the end, I get my WordPress hosting for my client.
    Nothing is secure on the Internet. All you can do is make everything as secure as you can and have a good backup system in place. There was a plugin a while back to add another level of security to the WordPress login page. It involved the use of a security question. You could add several security questions and WordPress asked you a random question at login.
    Looks like a good idea. I have a copy to implement shortly on my own blog.
    Signature
    Buy the perfect domain name for your website.
    http://www.domainnamesthatsell.com/


  • Profile picture of the author bighostchennai
    Two of my WP sites were hacked some years ago when I put the links on freelancing sites; then I realized that the password should be very strong (alphanumeric). If the password is not strong, it would be a piece of cake for hackers.
  • Profile picture of the author kencalhn
    In addition to security plugins, I've used
    #1) limit login attempts: WordPress › Limit Login Attempts « WordPress Plugins

    #2) IQ Block Country, and it works great:
    https://wordpress.org/plugins/iq-block-country/

    I block countries like China, Russia, Malaysia, Nigeria, Ukraine, Norway
    (interestingly, the top-2 hack attempt countries were Ukraine and Norway). I like to block everything from backend access except my whitelisted personal IP address.

    Both of those are great, in addition to the security plugins like:

    https://wordpress.org/plugins/better-wp-security/
    and
    https://wordpress.org/plugins/wordfence/

    I always install those 4 on all my WP sites; never been hacked once after using those 4.
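
The login limiting and IP allowlisting described in the post above can also be watched for in the web server's access log. The following Python is an added example, not part of the post or of any plugin named in it: it counts POST requests to wp-login.php per client in a sliding window. The threshold, the window, the combined log format and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, timestamp, method, request path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def flag_login_floods(lines, limit=5, window=timedelta(minutes=5),
                      allowlist=frozenset()):
    """Return {ip: time the limit was first exceeded} for login POST floods."""
    recent = defaultdict(deque)  # ip -> login POST times still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, ts, method, path = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue  # only login submissions count, not page views
        if ip in allowlist or ip in flagged:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) > limit:
            flagged[ip] = when
    return flagged


def sample_lines():
    """Constructed access-log lines; every IP and timestamp is invented."""
    fmt = ('{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] '
           '"{req} HTTP/1.1" {st} 512')
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i * 5,
                        req="POST /wp-login.php", st=200) for i in range(8)]
    lines += [fmt.format(ip="198.51.100.20", m=i * 9, s=0,
                         req="POST /wp-login.php", st=302) for i in range(6)]
    lines += [fmt.format(ip="192.0.2.44", m=1, s=i,
                         req="GET /wp-login.php", st=200) for i in range(20)]
    return lines


if __name__ == "__main__":
    for ip, when in flag_login_floods(sample_lines()).items():
        print(f"{ip} exceeded the login limit at {when}")
```

Only the client that sends eight login POSTs within 35 seconds is flagged; the client that logs in once every nine minutes and the one that only fetches the login page are not.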
  • Profile picture of the author jerry3
    Use of WordPress is secure, just download an antivirus. I would recommend using PC security software if you do use WordPress. I've also used it on my computer to keep my system virus free, and it has been installed and updated with the utmost ease.
  • Profile picture of the author extrememan
    I'm a fan of WordPress. Hackers are getting cleverer and cleverer. Big names like AWeber and GetResponse have been hacked and they don't use WordPress. There are plugins out there to secure your site better.
  • Profile picture of the author ChrisWJohnson
    Banned
    Hey Warriors!
    All systems, computers and websites have security but.... don't have security.
    Chris
  • Profile picture of the author usmantech
    Yes, WordPress security is very weak if you use something like admin:1234 as your admin username:password. However, there are many things which you can do to secure your WordPress.
  • Profile picture of the author LuckyIMer
    It is a somewhat funny and interesting conversation; you surely left him speechless.
  • Most online business users use WordPress because it is very search engine friendly. You don't have to worry about hackers because there are plugins which could protect you from hackers. It's just a matter of how much you know about WordPress, as far as protecting your website goes.
  • Profile picture of the author Kalambur
    Are they of paid cms?
    By the way, WP is free, and they are right, it is not as secure as a paid CMS.
  • Profile picture of the author gfxhead
    From my point of view:

    If you go with open source projects, you need to face some difficulties like website attacks, spamming, FTP theft, etc. You need to use some kind of security modules to protect your site from these kinds of attacks.

    Thanks.
  • Profile picture of the author Harry V
    I do agree that WP is not secure and is vulnerable to attack, but if you are running a website that uses WP, here are 10 suggestions to make it secure:

    Always run the very latest version of WordPress
    Always run the very latest versions of your plugins and themes
    Be conservative in your selection of plugins and themes
    Delete the admin user and remove unused plugins, themes and users
    Make sure every user has their own strong password
    Enable two factor authentication for all your users
    Force both logins and admin access to use HTTPS
    Generate complex secret keys for your wp-config.php file
    Consider hosting with a dedicated WordPress hosting company
    Put a Web Application Firewall in front of your website
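
Two items on the list above (HTTPS for logins and admin, complex secret keys) and the earlier advice in this thread about hard-to-guess database names can be checked directly in wp-config.php. The following Python audit is an added example, not part of any poster's message or of WordPress itself; the `GUESSABLE` name list, the 32-character minimum and the sample config are assumptions constructed for illustration.

```python
import re

# Placeholder text shipped in wp-config-sample.php for every key and salt.
PLACEHOLDER = "put your unique phrase here"
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Assumption: names treated as guessable; extend with your installer's pattern.
GUESSABLE = {"wordpress", "wp", "wpdb", "admin", "root", "blog", "test"}
# Matches define() at line start only, so //- or #-commented lines are ignored.
DEFINE_RE = re.compile(
    r"""(?m)^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""")


def parse_defines(text):
    """Return {constant: value} for simple define('NAME', value) lines."""
    return {name: sq or dq or bare
            for name, sq, dq, bare in DEFINE_RE.findall(text)}


def audit_wp_config(text, min_len=32):
    """Return a list of finding strings for one wp-config.php body."""
    cfg, findings, seen = parse_defines(text), [], {}
    for key in KEYS:
        val = cfg.get(key, "")
        if not val or val == PLACEHOLDER:
            findings.append(f"{key}: missing or still the sample placeholder")
        elif len(val) < min_len:
            findings.append(f"{key}: shorter than {min_len} characters")
        elif val in seen:
            findings.append(f"{key}: same value as {seen[val]}")
        else:
            seen[val] = key
    if cfg.get("FORCE_SSL_ADMIN", "").lower() != "true":
        findings.append("FORCE_SSL_ADMIN: not enabled")
    for name in ("DB_NAME", "DB_USER"):
        if cfg.get(name, "").lower() in GUESSABLE:
            findings.append(f"{name}: guessable value")
    return findings


# Constructed sample, not taken from any real site.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'short' );
// define( 'FORCE_SSL_ADMIN', true );
"""

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```

The commented-out `FORCE_SSL_ADMIN` line in the sample is reported as not enabled, which is the case a quick text search for the constant name would miss.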
  • Profile picture of the author Valdor Kiebach
    I agree with the host in that WP is a risky CMS to host.
    Since '...WordPress is the most popular blogging software' and coupled with it being open source it is a hacker's playground.

    I have been on a server where somebody has had an unsecured WP site and some hacker got control of it and uploaded a script that allowed them access to the person's web directory and was doing stuff that slowed the server down to a crawl.

    Just because you may (think) you have a secure WP installation doesn't mean the other people on the server have.

    Originally Posted by spearce000 View Post

    What does he recommend, then? A web1.0 html site made with FrontPage, perhaps? Of course they never get hacked. :rolleyes:
    Could use an alternative CMS or write your own site using HTML5 + php / javascript / perl / ruby / python / etc..

    Does WP even use MySQLi or does it still use MySQL?