Website Security

Security

2022-10-19T05:21:00-04:00

Hacking into WordPress sites

I get regular updates from my hosting company explaining why I need to pay extra for this plugin or this service to protect my sites from being hacked.

These emails always talk about WordPress. That is because WordPress is such a widely used tool and is inherently vulnerable to hacking. WordPress plugins are constantly being developed to protect the sites from the latest hacking method, so the software has to be constantly scanned for malware, and WordPress plugins need to be updated with the latest ant-hacking code in order to protect a WordPress site.

Obviously to do this job properly requires a great deal of time and energy from the developer and therefore cost to the client.

If you choose not to do anything, you may find that a WordPress site, over time becomes unusable as various modules get out of step with each other.

The advice I have just received from my hosting company suggests that for a WordPress site I would need to:

1) Run regular malware checks with the offer of a 3-month promo on the malware checker

2) Keep all your software up to date. They even update the core WordPress modules automatically. Well, thats all very well and good but if someone is running a WordPress plugin that is out of sync with the latest core module, I bet that could cause some issues.

3) Shield against common WordPress exploits. For this, they offer a special security plugin which does a whole host of things too technical to list here but which would require a great deal of work for a developer to handle and this cost would need to be passed on to the client somehow.

I look at all this and I think I'm so glad I didn't go down this road. I would have to spend so much time on every site I built checking this stuff out on behalf of my clients and then trying to justify why I was having to charge them so much extra every month to keep their site safe.

It's no wonder to me that I regularly get contacted by clients who have had a previous WordPress developer who now has either given up web design or has gone missing and cannot be contacted.

I can see that WordPress has its place for some businesses but the business has to be able to fund a lot of a developer's time to create, and then support and update the business website.

Hacking into Rapidweaver sites

Can someone hack into one of my sites? I can't be 100% sure of course. If someone managed to gain access to your hosting account then, of course, they could do what they want, so if there is one thing I would say it is to use a good password for your hosting account and keep it safe. However, with 2-factor authentication requiring a code to be sent to an email address and that code being entered correctly it becomes far more difficult for a hacker to gain entry.

As for the website code that I produce, it is as close to handwritten code as you can get so I believe that it is very difficult to hack that.

I only know of one occasion that someone used an Admin page on a test site that I was building and left a cryptic message in one of the maintainable text areas. That was because I hadn't protected the page with a PIN/Password but I always protect my live sites with a PIN/Password login.

Conclusion

So think about this before choosing to opt for a WordPress site. If you are going to build it yourself, be prepared to spend a lot of time keeping it maintained. Either that or you risk it being hacked, or it becoming unusable due to modules getting out of sync with each other.

If you are employing someone to build a WordPress site for you check out the ongoing costs that you might be signing up for and how much they charge you for keeping your site safe from attacks.

The advice I have just received from my hosting company suggests that for a WordPress site I would need to:

1) Run regular malware checks with the offer of a 3-month promo on the malware checker

It's no wonder to me that I regularly get contacted by clients who have had a previous WordPress developer who now has either given up web design or has gone missing and cannot be contacted.

I can see that WordPress has its place for some businesses but the business has to be able to fund a lot of a developer's time to create, and then support and update the business website.

Hacking into Rapidweaver sites

As for the website code that I produce, it is as close to handwritten code as you can get so I believe that it is very difficult to hack that.

Conclusion

If you are employing someone to build a WordPress site for you check out the ongoing costs that you might be signing up for and how much they charge you for keeping your site safe from attacks.

Website Security

Hacking into WordPress sites

Hacking into Rapidweaver sites

Conclusion

Hacking into Rapidweaver sites

Conclusion

Share this post

See Also:

Is my site OK?

Zen and the art of website maintenance

Website migration best practices

Ways to deter unwanted visitors

How to decide on a hosting company

Why I am leaving Siteground as a host.

How to find the Google Place ID

Broken Image Checker in Chrome

Hacking and how to prevent it

How to host your own website

Website making - a guide

Updating stacks in Rapidweaver

Choosing a domain name

Measuring colour contrast

Go live checklist

Dynamic URLs

How to check cookies on a website

Image Optimisation

How to view a site by I.P. address

What is the robots txt file?

Disk Not Ejected Properly messages

My setup for Contact Forms in Foundation 6

Progressive Web Apps

My Rapidweaver project takes ages to load