I've just taken on a new client prospect who has had advice from their current host that they do not use Wordpress for their business website because of the ongoing and more recent uptrend in hacking and brute force attacks etc.
Obviously as a Wordpress developer this is a bit of a concern.
Has anyone had any experience with this?
What can I tell my client to put their mind at rest?
I liken it to using Windows.. the more popular a platform is the more it is likely to get exploited and as long as we have the correct measures in place it is not a problem.
this is the email my client received from her current host:
I can certainly support these requirements. However, if I may give some professional advice. Based on my experience. Wordpress is one of the most attacked website platforms at the moment. I would strongly advise against getting your website made in wordpress.
This botnet which is out at the moment is just one problem that wordpress faces. Every month, there are new vulnerabilities found - it's not something I'd ever advise a professional business using. It's fine for hobbyists. Although millions of people do use it. However every single wordpress site I've known about has been attacked at some point in its history.
If you go down the wordpress route, then whoever is managing the website in your business must keep on top of updates, every day. It would need to be a daily schedule in someone's diary to log into wordpress, check for updates and apply them. Otherwise your website will be vulnerable to attack.
How would you reply to that?
The client could of course just use static HTML files, but that's not without risk either ;-)
Using the same argument we could advice the client to <strong>NOT</strong> use
- any hosting companies
- or any Windows Operating system
- or any open source software
- or any computer software
- or any other man made stuff ;-)
He is also saying that all of these people are doing it wrong:
My advice to the client would be to change hosting company, consider for example wpengine.com
and introduce him to the amazing community of WordPress.
The core WordPress is well maintained, tested by millions and security patches are shipped out fast.
Most of the problems I know of come from unsecure plugins and themes and too weak passwords.
ps: a similar question was asked here:
Steve Watson comments:
Brilliant Dbranes... That's pretty much what I thought, its always good to see others perspective. :)