WordPress is used by 64.2% of all the websites whose content management system we know. This is 43.1% of all websites.W3Techs
WordPress Hosting Nightmare
So many websites use WordPress, so the knowledge that potential hackers can gather is very available. Another vulnerability is the fact that so many people write plugins and themes for WordPress that there should be exceptional quality control in the WordPress repositories that some don’t take the necessary precautions reduce the exploits in their code. Some of the quality developers know how to properly code against hacking exploits, but not always. So sometimes you have a plugin that will open your site up to specific hacking methods.
To combat this, put some time into discovering a secure hosting environment that has file and directory permissions set correctly and also includes firewall protection. If you do happen to choose a host that isn’t very secure because it’s very inexpensive (there are some WordPress hosting solutions that cost only $4 a month), then use a plugin reputed to protect your site, such as Wordfence or something similar.
VPS Convenience vs Security
I’ve been a big believer in using VPS (virtual private servers) and dedicated hosting server environments because they are extremely customizable. Using cPanel and WHM to manage your server gives you an easy way to install WordPress and many other software packages. And while there are certain protections that WHM offers, such as a firewall and brute force protection, WordPress can open up exploits that makes regular server security pretty much useless.
I tried to install plugins and even paid for a cPanel security package called Immunify360, which did a good job in cleaning the database and filesystem when an infection was present and a better firewall, but it didn’t stop them from reinfecting the website after each cleaning. After about 2 weeks of trying to protect my clients’ websites and having their URLs removed from blacklists from Google and other anti-virus software programs I decided to search for a solution that had WordPress security as one of it’s main offerings.
WP Engine to the rescue
I had used WP Engine in the past and considered it for the official Mindful Coding Solutions hosting provider, but it seemed a little pricey. You really do get what you pay for, and this is no exception to that rule. You can use our affiliate link to get a discount on your hosting purchase. Other than being one of the fastest hosts for WordPress websites, they offer Global Edge Security (GES), which includes a great many security features.
You can see it is chock full of ways to keep a WordPress site secure. Here’s that link again in case you missed it! We are proud to have WP Engine as one of our technology partners.
I could have kept hosting very cheap, but in the long run having my clients’ websites more secure was more important. It’s been 9 months since the server hack and all of our sites are running smoothly. If you have a business and build a website to help you make it shine, your website is going to get a lot more traffic and you’ll want to be secure.