How is WordPress like a Honda Civic? Hang in there for a moment.
WordPress isn’t the program I knew last year this time, and especially not the one I knew five years ago.
WordPress is not just free (at least its core code), but also the fastest-growing and most-used content management system (CMS) on the planet.
And, even though WordPress is still free, it’s possibly the most costly to maintain on the web.
I’ll tell you why.
Hacking, plain and simple. Beginning around mid-January of 2014, well into my sixth year as a web host, I began to experience crazy hacking attempts.
So how is WordPress like a Honda Civic?
It’s kind of like the story of the Honda Civic, once the most popular car in America. Because there were so many of them, all built pretty much the same way over the years, thieves learned how to steal them. Car thieves need a lot of practice, and they got it on the Honda Civic (remember how many of us bought steering wheel locks for our Hondas?). (Even I learned how to steal cars, once, for a documentary I was making. But that’s another story.)
Same with WordPress in many ways. It’s an open-source code product, just as Joomla and Drupal are. Which means that all honest people and all hackers have an equal opportunity to both use it well … and destroy our livelihoods.
At first, the hacks against my site were small. Like redirecting all of my sites to a single web site in Russia. Easily fixed. Then, the attacks grew more serious. I just couldn’t keep up with excising the code that was being placed in them.
Long and short — after three weeks of struggling with the attacks, and doing everything I knew to do plus everything my own host told me to do, my host, InMotion Hosting, fired me.
They fired me even though they admitted that they could not sell me nor even discuss third-party software that might add to the security of my own and my clients’ web sites.
One generous fellow, near the end, suggested a plug-in (BulletProof). The plug-in worked great, but I knew I needed more security than what I could get with a free plug-in.
So, I had 24 hours to get everything offline and onto another server. In fact, it meant that InMotion packaged up my entire server and sent it to me via download.
I can’t begin to tell you the problems that even this process created.
I had to match up pieces and parts (the SQL files and the WP files) from the web sites so that they each operated correctly. And one was a total loss — a Joomla website that I had not upgraded to its latest version and now could not even access, because the new server was running the newer version. So I had to go into the code itself and pull out every single story on it, rebuilding my client’s web site from scratch in WordPress.
Six weeks. Six weeks in all it took me to get everything back to its proper operating order. Including the additional snag of discovering that my new host used the latest version of php, which my web sites were unprepared for.
But I did notice that my new host, BlueHost, did have plenty of security features. And backup features missing on InMotion Hosting. So, if I paid the price, I could ensure that my web sites were secure and also, should something unforeseen happen (and it does, even side from hacking) I could restore web sites to the state they were in before a crash.
So, since early March 2014, I haven’t had a hacking incident.
No hacking, but at what cost?
Well, there is the free CloudFlare, which I installed immediately. CloudFlare is a content delivery network and distributed domain name server service marketed as providing security, as well as improving website performance and speed. CloudFlare delivers greater speed by distributing domain names closer to where they are being searched.
I also installed a higher level of security called SiteLock, which costs about $1000 a year. Plus the cost of the backup software, around $40 a year.
So, I’ve had to pass these costs on to my clients.
I started wondering why many hosts weren’t offering security and automated backups to their clients.
Turns out, a new model has hit the streets — managed WordPress hosting — usually running around $350-$400 dollars a year. My new host does offer this to one-offs, but I think the customers who buy this service are better off with a reseller like me, who can spread the cost across accounts to a better price. But at least these single web site owners have some options.
Turns out, my OLD host, InMotion Hosting (in case you’ve forgotten) started offering alight security in April 2014. Funny, but not that funny.
All of these changes to accommodate an open-source code solution such as WordPress may not work for all. This would be a great time for a specialty vendor to create a CMS that’s indeed “bullet proof” out of the can.
However, such a solution may be a ways off. There is such a love of WordPress, and so many free and low-cost plug-ins that help it perform, that we may not see “the next CMS” for a year or two. Or maybe not at all.
Here are some resources to learn more about managed WordPress hosting: