WordPress Hacked - How to keep your small-business site secure, on a budget

By Michael Kramer // Aug 26, 2013 at 10:23 AM

WordPress and Security have become a BIG issue lately

Michael Kramer, founder of Santa Barbara-based Ameravant Web Design. Web developers say a proprietary content management system, such as Ameravant’s SiteNinja, can be a more secure option than an open-source option like WordPress.
WordPress Websites

Somewhere between 50-70% of small-business websites use the free content management system (CMS) known as WordPress. Because so many sites use WordPress, it has become a big target for hackers looking to get the biggest BANG for their hacking efforts.

Are Free CMSs Better or Safer than Paid CMSs?

Because this powerful CMS is free, business owners think they are getting something for nothing. As the old saying goes, if it seems too good to be true, it may not be real. The bottom line is that you may be getting your content management system for free, but you are probably going to need to hire a paid professional to install it and maintain the security of your website and the hosting environment. Here is an example of common costs for hosting and support:

Typical Cost for Hosting and Supporting a WordPress Website

  1. Monthly Hosting of a WordPress website: $10-$15/month, or $150 per year
  2. Paid support to upgrade your hosting account and your WordPress application: 1 hour every 3 months x $125 per hour = $500 per year
  3. Average paid support to assist you with management of your website content: 1 hour every 3 months x $125 per hour = $500 per year
  4. Total Annual Cost of Hosting and Security Upgrades: $1,150/year

Typical cost for hosting a SiteNinja CMS website

SiteNinja CMS Websites
  1. Monthly hosting and lifetime free security upgrades: $39/month
    1. Secure Website hosting on Amazon Cloud
    2. Lifetime security upgrades to SiteNinja CMS: included
    3. Lifetime security upgrades to the hosting environment: included
    4. Lifetime free feature upgrades to your CMS: included
    5. Lifetime free live support (phone, screen share and Email): included
  2. Total Annual Cost:  $468/year

I think you can see there are hidden costs in supporting your "free" WordPress website. Your actual cost may be more or less depending on how often you need content support from your webmaster. You may also opt not to apply your website security patches as often, but then you run the risk of being hacked, which is not a cheap fix.

WordPress Websites Under Attack

A recent article authored by Stephen Nellis of The Pacific Coast Business Times reports a wave of attacks.

It’s a small-business owner’s worst Web nightmare: A customer or business partner calls up and says your website seems to now be an ad for Viagra pills from China or just infected them with malware. You’ve been hacked.

In recent weeks, a wave of hacks has hit small businesses around the Tri-Counties. The Business Times reached out to Web developers around the region for advice on how small businesses can keep their websites more secure. Experts say that even without a huge budget or a full-time webmaster, small firms can take a few easy steps to protect themselves from some of the most common hacks and recover quickly if an attack does happen.

Free Content Management Systems are Easily Attacked

Stephen also reports that free content management systems like WordPress, Joomla and Drupal are built by hundreds of programmers making their own plugins or modules. Because it is impossible to perform quality control on each of these modules to see if it is secure, a rogue module can cause your website to be attacked.

by Stephen Nellis of The Pacific Coast Business Times

One of the first things to understand is that even the simplest of websites are far more complicated than the days of HTML files pecked out on a keyboard. Most websites today employ what’s called a content management system and a database. The database stores all of the website’s content and information, and the content management system is software that runs on the Web server to display the front end of the site to users and let the site’s owners create and manage content on the back end.

The rise of freely available content management systems such as WordPress, Joomla and Drupal has revolutionized Web development. Since they’re free, some small-business owners try their hand at creating a site on their own, and others tap the vast number of developers who use the systems as a basis and take advantage of the millions of plug-in tools published for them.

Experts think that as many as half to three quarters of the sites on the Internet are running WordPress. That in itself is a problem: Hackers always target the most broadly used systems to get the best bang for their evil buck.

“One of the big dangers out there is using a pre-built CMS platform. They can be dangerous in that they have a lot of insecure plug-ins that were written by people that aren’t security minded,” said Forrest Hatfield, co-founder of ITECH Solutions in San Luis Obispo. “You have to be very careful about what you install.”

So when considering your next website development tool, consider the safety of the tools you are using and the policies you have in place for making sure your website data is protected.

  • The Full Article – Hack-attack-How-to-keep-your-small-business-sites-on-a-budget.pdf

    May 21, 2014
    casper

    I got to know why there is a large scale possibility of hacking while using the free Content Management Systems. It was useful for the small business beginners like us to know how we must deal with WordPress. Thank you for the content.

    May 31, 2014
    Jake Jerrarigg

    Couldn't agree more with your assessment... All these WordPress sites out there... it's a time bomb waiting to go off. As soon as someone finds an exploit that affects ONE site, they'll be able to hack MANY... You look up, and your CMS has become a haven :)

    Sep 17, 2014
    Vanessa

    Thanks for everything Michael...

    Sep 25, 2014
    Max Stanfield

    Michael Kramer is an amazing guy. Keep up doing what you are doing because it clearly is working very well.
    Cheers
    Your friend
    Max

    Oct 13, 2014
    Marius

    I truly agree.. Had SO many of my sites being hacked or anything.

    Oct 30, 2014
    hans henriksen

    A clearly executed and well communicated security policy for data is essential. However sometimes ensuring your business is complying with guidelines can be technically challenging, expensive and a strain on internal resource. If this is the case it may be best to outsource data security management to a specialist company.

    best regards

    Nov 13, 2014
    Mark

    Good post. Recently one of my sites got hacked and now I do have the problem of not getting it indexed.. It's really a pain..

    Dec 11, 2014
    Bart

    It is such an unpleasant experience, and these tips are genuinely effective when taken into consideration.

    Dec 17, 2014
    wildan

    Good post. Recently one of my sites got hacked and now I do have the problem of not getting it indexed.. It's really a pain..

    Sep 06, 2015
    john2000

    This post's really nice and wonderful, keep it up.