WordPress is the most popular website content management system in the world and powers a reported 34% of all the worlds websites – that’s over 75 million sites! So it should come as no surprise that here at ClearSoft, we have a number of WordPress sites in that 75 million.
WordPress is robust, extendable, usable and has a vibrant community constantly working on enhancements and new features. Many of the top websites in the world such as TED, CNN, People Magazine, UPS amongst others use it as their chosen platform.
With great popularity comes great threats. Given the scale of its user base, it can be very attractive for hackers to probe for back doors into this system – and they succeed regularly. And when they succeed once, it’s very easy for them to propagate an attack to hit millions of WordPress installations around the world. The WordPress development community is in a constant ongoing battle to stay one step ahead of the bad guys.
That community is very vigilant and smart and issues regular patches, upgrades and enhancements to the core system and plugins. Supplying the fixes is one thing, applying them is another.
Let me tell you a story about an unnamed web developer based in Gorey Co. Wexford (ok it was me!). Years ago when I first started working with WordPress I fell in love with it for the reasons already discussed above. One of my early WordPress clients was a Dublin based mindfulness business. The website went live, the client was happy and all was good in the world.
Fast forward 12 months or so – and I arrive at the office one morning to find an email from my hosting company telling me that the site had been taken down as it was trying to send out millions of spam emails. I replied to the hosting company to tell them that it must be a case of mistaken identity as I certainly would not have sanctioned such an action. They came back immediately and told me that it looked like I had been hacked – and that’s when the fun began.
My immediate concern was for the client and how we restore the service to them. I asked for the hosting company to restore the last good backup – they informed me that all sites were backed up every night but only 1 copy is kept. So the only copy available to me was an already hacked copy!
Next I set about trying to weed out the infected files myself. Naively I hoped that the infected files would be in a very obvious folder labelled ‘Hacked Files’ or something like that. I was mistaken. The tentacles of this attack had reached all parts of the site structure, files and database. I would have had a better chance cleaning the Golden Gate Bridge with a toothbrush!
After a few days toil and awkward and embarrassing exchanges with the client – we eventually got the site back live again. However it was a completely new site built from the ground up based on the old site.
The cause of this? I had installed the website a year earlier and walked away happy that my work was done. I hadn’t checked back in to update plugins, modules or the core system. I was 7 releases behind where I should have been and had been asleep at the wheel.
So what could I have done? I could have checked in weekly to update all modules that needed updating. This might be fine for one site but what if you have hundreds? It doesn’t scale up. Even if it did scale up, leaving a week between this activities doesn’t guarantee anything. It only takes a few seconds to attack a site.
I investigated high and low to see what options we had in this space. What I discovered was that it all came down to hosting. We required a more sophisticated hosing platform, one that would allow for automatic periodic backup cycles and WordPress core, plugin and theme updates. We spent time evaluating a number of hosts, carried out many trials before settling on our chosen partner. We then moved all sites over to this partner and they have remained there since.
So long story short, when you go for a ClearSoft WordPress website you can be assured of the following
- Website is hosted on a secure server in Dublin
- Weekly automatic backups kept on 4 weekly cycle
- WordPress core version updated within 24 hours of release
- WordPress plugins updated within 24 hours of release
- 0 downtime during upgrades
ClearSoft are the web design and web development specialists in the south east of Ireland and we take our hosting seriously. Your website needs to be attractive and functional of course but equally important is the platform that the site is built on – and this is where you need to be careful with other website providers. If they don’t satisfy the criteria outlined above, tread carefully if your website is important to your business.