WordPress and Security have become a BIG issue lately
Somewhere between 50-70% of a small business websites are using the free Content Management System "CMS", known as WordPress. Because so many sites use WordPress, this tool has become a big target for hackers to get the biggest BANG for their hacking efforts.
Are Free CMS's better or Safer than Paid CMS's?
Because this powerfull CMS is free business owners think they are getting something for nothing. As the old saying goes, if it seems to good to be true it may not be real. Bottom line is you may be getting your content management system for free but you are probably going to need to hire a paid professional to install and maintain the security of your website, and the hosting enviroment. Here is an example of common costs for hosting and support:
Typical Cost for hosting and Supporting a Wordpress website
- Monthly Hosting of a WordPress website: $10-$15/month, or $150 per year
- Paid Support to upgrade your hosting account and your WordPress application: 1 hour every 3 months X $125 per hour = $500 per year
- Average paid support to assist you with management of your website content: 1 hour every 3 months x $125 per hour = $500 per year
- Total Annual Cost of Hosting and Security Upgrades: $1,150/year
Typical cost for hosting a SiteNinja CMS website
- Monthly hosting and lifetime free security upgrades: $39/month
- Secure Website hosting on Amazon Cloud
- Lifetime security upgrades to SiteNinja CMS: included
- Lifetime security upgrades to the hosting enviroment: included
- Lifetime free feature upgrades to your CMS: included
- Lifetime free live support (phone, screen share and Email): included
- Total Annual Cost: $468/year
I think you can see there are hidden costs in supporting your "free" WordPress website. Your actual cost may be more or less depending on how often you need content support from your Webmaster. You may also opt to not upgrade your website security patches as often, but then you run the risk of being hacked, which is not a cheep fix.
WordPress Websites Under Attack of being Hacked
A recent article authored by Stephen Nellis of The Pacific Coast Business Times reports a wave of attacks.
It’s a small-business owner’s worst Web nightmare: A customer or business partner calls up and says your website seems to now be an ad for Viagra pills from China or just infected them with malware. You’ve been hacked.
In recent weeks, a wave of hacks have hit small business around the Tri-Counties. The Business Times reached out to Web developers around the region for advice on how small-businesses can keep their websites more secure. Experts say that even without a huge budget or a full-time webmaster, small firms can take a few easy steps to protect themselves from some of the most common hacks and recover quickly if an attack does happen.
Free Content Management Systems are Easily Attacked
Steven also reports that free content management systems like WordPress, Joomla and Drupal, are built by 100's of programmers makeing their own plugins or modules. Because it is impossible to perform quality control on each of these modules, to see if it is secure, a rouge module can cause your website to be attacked.
One of the first things to understand is that even the simplest of websites are far more complicated than the days of HTML files pecked out on a keyboard. Most websites today employ what’s called a content management system and a database. The database stores all of website’s content and information, and the content management system is software that runs on the Web server to display the front end of the site to users and let the site’s owners create and manage content on the back end.
The rise of freely available content management systems such as WordPress, Joomla and Drupal has revolutionized Web development. Since they’re free, some small-business owners try their hand at creating a site on their own, and others tap the vast number of developers who use the systems as a basis and take advantage of the millions of plug-in tools published for them.
Experts think that as many as half to three quarters of the sites on the Internet are running WordPress. That in itself is a problem: Hackers always target the most broadly used systems to get the best bang for their evil buck.
“One of the big dangers out there is using a pre-built CMS platform. They can be dangerous in that they have a lot of insecure plug-ins that were written by people that aren’t security minded,” said Forrest Hatfield, co-founder of ITECH Solutions in San Luis Obispo. “You have to be very careful about what you install.”
So when considering your next website development tool, consider the safety of the tools you are using, and the policies you have in place for making sure your webite data is protected