WordPress hosting seems like a simple choice, since it doesn’t have huge server requirements and is completely built with legacy programming languages like PHP and Javascript. There are reasons for being extremely particular for choosing the right WordPress hosting environment, which will be explained in this original real-life story of Mindful Coding Solutions and “the hack of 2022”.
WordPress is used by 64.2% of all the websites whose content management system we know. This is 43.1% of all websites.
W3Techs
WordPress Hosting Nightmare
So many websites use WordPress, so the knowledge that potential hackers can gather is very available. Another vulnerability is the fact that so many people write plugins and themes for WordPress that there should be exceptional quality control in the WordPress repositories that some don’t take the necessary precautions reduce the exploits in their code. Some of the quality developers know how to properly code against hacking exploits, but not always. So sometimes you have a plugin that will open your site up to specific hacking methods.
To combat this, put some time into discovering a secure hosting environment that has file and directory permissions set correctly and also includes firewall protection. If you do happen to choose a host that isn’t very secure because it’s very inexpensive (there are some WordPress hosting solutions that cost only $4 a month), then use a plugin reputed to protect your site, such as Wordfence or something similar.
VPS Convenience vs Security
I’ve been a big believer in using VPS (virtual private servers) and dedicated hosting server environments because they are extremely customizable. Using cPanel and WHM to manage your server gives you an easy way to install WordPress and many other software packages. And while there are certain protections that WHM offers, such as a firewall and brute force protection, WordPress can open up exploits that makes regular server security pretty much useless.
In the case earlier this year, an attacker was able to gain access to change the login username and password of the main administrative user and then upload a plugin that gave them complete FTP and database access. From there, they installed a phishing javascript that would immediately redirect visitors to a malicious website.
I tried to install plugins and even paid for a cPanel security package called Immunify360, which did a good job in cleaning the database and filesystem when an infection was present and a better firewall, but it didn’t stop them from reinfecting the website after each cleaning. After about 2 weeks of trying to protect my clients’ websites and having their URLs removed from blacklists from Google and other anti-virus software programs I decided to search for a solution that had WordPress security as one of it’s main offerings.
WP Engine to the rescue
I had used WP Engine in the past and considered it for the official Mindful Coding Solutions hosting provider, but it seemed a little pricey. You really do get what you pay for, and this is no exception to that rule. You can use our affiliate link to get a discount on your hosting purchase. Other than being one of the fastest hosts for WordPress websites, they offer Global Edge Security (GES), which includes a great many security features.
WP Engine Affiliate Link
You can see it is chock full of ways to keep a WordPress site secure. Here’s that link again in case you missed it! We are proud to have WP Engine as one of our technology partners.
WP Engine Affiliate Link
I could have kept hosting very cheap, but in the long run having my clients’ websites more secure was more important. It’s been 9 months since the server hack and all of our sites are running smoothly. If you have a business and build a website to help you make it shine, your website is going to get a lot more traffic and you’ll want to be secure.