There is no doubt that WordPress sites are being launched at record speed across all industries, for small and large businesses, professionals and entrepreneurs. There is also no doubt that a website is critical for a multitude of business operations, including lead generation and customer conversions. But a grave danger lurks in the profound complacency of website owners and their lack of information about security, WordPress and the consequences of failing to properly maintain their website. This problem is hardly limited to WordPress, as any website can be hacked, but WordPress is particularly vulnerable because of its popularity on the web.
Hackers have found new ways to inject malicious code, spam sites, access protected information belonging to site owners and visitors, and alarm visitors arriving on the site with a disturbing warning message about a security threat, or even worse. The harm to a business owner goes far beyond the loss of their site, as such threats can damage their reputation and cost them business and revenue. Infected sites can be, and often are, shut down by hosting companies that discover the threat before a business owner can do anything about it. This makes it particularly difficult to access the site and repair the damage.
WordPress software developers are constantly trying to stay ahead of these destructive hackers who cause so much damage. That is partially the reason for a surge in WordPress upgrades. Unfortunately, many WordPress projects are not upgraded and have multiple plugins that are also out of date. Outdated WordPress themes may also be at risk. All of this creates vulnerabilities for websites and opens the door for malware attacks.
One Server is Not as Good as the Next
Many business owners look at bottom-line costs when choosing a hosting company. One of their most valuable pieces of online real estate is entrusted to servers that have limited protections against malware and almost no support. What website owners must understand is that even expensive servers like Rackspace provide no support at all when sites are hacked. They may have software to scan for malicious code and may restore a backup, but that is the extent of their support. Low-cost servers will often shut down sites and terminate the account when hacking occurs. Unfortunately, website owners pay a very costly price because they didn’t know this could happen or didn’t consider the consequences of low-cost hosting.
Servers that support WordPress may be Linux or Windows. The best type of server for WordPress is a Linux server. Beyond the type of server, WordPress requires PHP (a coding language) and MySQL (database) installations. The server can only include one version of PHP and MySQL. Old versions of both can produce a security risk. PHP 5.4 and MySQL 5.5 are the latest and safest versions. Many servers cannot upgrade safely because outdated sites are likely to malfunction. This creates a security problem for the entire server where multiple projects are hosted.
Website Maintenance to Keep a WordPress Website Protected from Malware Attacks
There are several measures that are part of maintenance for keeping a WordPress website reasonably secure. These include:
- WordPress and all plugins should be current. The site including the database should be backed up prior to any upgrades. After upgrading, the front end of the website should be checked for design and functionality of forms and other interactive elements. Sometimes there are conflicts that must be resolved by installing different plugins or specialized coding by a developer.
- The login to the admin area should use a complex username and password. The name admin, which is often the default username when WordPress is installed, creates a substantial risk. Many development companies overlook this. Once the site is created with admin as the username, a developer must do specialized coding to replace admin with an alternate username.
- Always use system generated passwords for FTP and change FTP passwords in the event of an attack.
- Sites should be backed up daily if possible and a clean copy kept in the event of an attack.
- Another safeguard is to use specialized software to monitor the site for malware so that support can rapidly be obtained.
It is up to the website owner to make sure all of these safeguards are in place. This maintenance is not included by hosting companies and is outside the scope of usual hosting services.
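The checklist above, sketched as shell functions (an added example, not part of the original article). It assumes WP-CLI (`wp`), which the article does not mention, is installed and run from the WordPress root; the function names and the two directory arguments are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original article). Assumes WP-CLI ("wp") is on PATH
# and that commands run against the WordPress install in the current directory.

# Succeeds (exit 0) if an account with the login "admin" exists.
has_default_admin() {
    wp user list --field=user_login | grep -qx 'admin'
}

# Prints how many installed plugins have an update pending.
outdated_plugin_count() {
    wp plugin list --update=available --field=name | sed '/^$/d' | wc -l | tr -d ' '
}

# Backs up the database and wp-content, and upgrades only if both backups succeed.
# $1 = WordPress root directory, $2 = backup directory (both hypothetical paths).
backup_then_upgrade() {
    bu_site=$1
    bu_dir=$2
    bu_stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$bu_dir" || return 1
    if ! wp db export "$bu_dir/db-$bu_stamp.sql"; then
        echo "database backup failed; upgrade skipped" >&2
        return 1
    fi
    if ! tar -czf "$bu_dir/files-$bu_stamp.tar.gz" -C "$bu_site" wp-content; then
        echo "file backup failed; upgrade skipped" >&2
        return 1
    fi
    wp core update && wp plugin update --all
}
```

The front-end check of forms and other interactive elements after an upgrade is still a manual step and is not covered here.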
WebPuzzleMaster’s Hosting Services
Unlike most hosting companies, WebPuzzleMaster offers services that maximize security on the client’s website. Services that we offer include:
Hosting on a Linux server with PHP 5.4 and MySQL 5.5 installed on the server. This includes liberal bandwidth and disk space, email, daily, weekly and monthly backups, and an individual cPanel for each domain.
Website maintenance includes:
- Support for malware attacks provided 24/7 as such threats are regarded as emergency events.
- Upgrades of WordPress when new versions are released with full backups prior to and after WordPress and plugin upgrades.
- Complete testing on the front end and admin areas for theme, WordPress and plugin incompatibilities. Should problems arise, additional charges may apply for troubleshooting services by a developer.
- Monitor sites using Sucuri every 3 hours for malware and blacklisting. In the event of an attack, we initiate a malware support request by Sucuri. Information provided by Sucuri is used by developers to make needed changes and reduce known vulnerabilities.
- Replace existing admin username in the admin area.
- Replace FTP passwords in the event of an attack.