Free WordPress Security Mini Course

Let’s Talk Basics About Hosting

No amount of security on your WordPress website is sufficient if you don’t have a good host. It’s a real shame when I talk to people who feel their website was sufficiently secure and yet they still got hacked. The question they ask is always “Why did I get hacked if my site was secure?”

Hey, I can relate. I’ve had the same thing happen to me. In fact, let me tell you a personal story for a minute. About 6 years ago, I received an unwelcome email notice from my host. At first I thought it was spam because there’s no possible way my host would actually send an email like this… right? WRONG! My account had been suspended. I rummaged through my old emails and I found one of the email correspondences. Here’s the basic email message:

Web hosting account deactivated for MYSITE.COM

This deactivation was due to a Terms of Service violation associated with your account. At sign-up, all users state that they have read through, understand, and agree to our terms. These terms are legal and binding.

There wasn’t much more to the email. No specific reason my account was closed. Of course I immediately went to the host’s terms of service page to see if I could find some information about what I did wrong. Any clues about what happened or how I could fix it. Nothing that I could find. Then I contacted the host to find out what happened. They said several things that concerned me.

  • They said some hackers had injected spammy scripts throughout my website
  • They did NOT have a backup of my site
  • They said they would not reinstate my account until I had a “professional” certify my site was clean
  • They could not tell me how the hackers got in. It was “my responsibility” to lock down my own site

So I proceeded to spend the next several days cleaning all the sites on my hosting account. I contacted my host to reinstate my account and I noticed a few things different about the host. Within the last couple days the host had changed their login page to be HTTPS encrypted. They also sent me an email indicating that they were requiring all accounts hosted with them to change their passwords.

Was that a coincidence?

Let me put the puzzle pieces together for you.

  1. My site got hacked
  2. My host wouldn’t tell me how it got hacked
  3. My host changed their login page to HTTPS
  4. My host forced me to change my password
  5. Then I read dozens of posts on forums and blogs that many other people had the same problems with their very own websites
  6. A couple phone calls to my host revealed that they had indeed had some security breaches but it was “quickly fixed”

That was all I needed to hear. I quickly grabbed a backup copy of all my sites and promptly left that host.

This is a lesson for all of us to make wise choices when choosing a host for a WordPress website.

  1. Jim Walker 07-13-11

    I was doing some research on the latest pharm malware hack and stumbled upon your website with some nice notes about hosting and backups.

    We add value to people’s lives at TVC.Net, the company I work for. Unlike Dreamhost, Godaddy, 1&1 and the “Walwart hosts” we provide instantly available weekly and daily backups (no waiting and no restrictions), and we are the only web host in the world today who provides free daily malware scanning to even our $3 a month clients. Likewise, if a client has a WordPress question we are always glad to help, and will go out of our way to help our clients better secure their WordPress blogs as well.

    Just saying- there are good hosts out there that really do care…

    Best Wishes,
    Jim Walker
    (619) 479-6637
