My conversations around WordPress security plugins and strategies are generally focused on the potential for vulnerabilities in WordPress core files, themes and plugins. I generally don’t point to hosting being violated in a manner described by recent news on multi-year GoDaddy breach. Apparently for the last four years, GoDaddy’s shared hosting accounts, serving approximately 1.2 million customers, were exposed to hackers. They stole client data, loaded malware into websites, and also redirected website traffic.
Unfortunately, GoDaddy didn’t notice this issue until December 2022 and just recently advised clients of the breach. Coincidentally, GoDaddy did upload some security software in late 2022, that suggests they were taking some action a few months prior to announcing they had a massive problem.
WordPress security is a fundamental technical responsibility of a website owner. While website and content security has been high-profile news, hosting companies have generally left individual site security up to the website owner. Companies like GoDaddy, generally only alert subscribers to their hosting services, if a problem negatively impacts a server’s performance or other accounts. That means in almost all cases where they may be a security issue, there is no alert unless you have a security plugin installed.
As a WordPress contractor who manages client sites on many hosting platforms, including GoDaddy, I can attest to the fact that if you do not manage your website’s security, no one is going to do it for you. I have yet to take over the management of one WordPress website that had an existing security plugin or any security strategy whatsoever!
The bottom line is that regardless where you host your WordPress website, you have to have a security plugin (if allowed) and an ongoing, persistent strategy! If you don’t manage your website directly, you must be sure your in-house team or contract does!
Support Channeling WordPress 2023 – WordPress This Week Podcast by contributing to their tip jar: https://tips.pinecast.com/jar/how-to-do-it-yourself-wordpres
This podcast is powered by Pinecast. Try Pinecast for free, forever, no credit card required. If you decide to upgrade, use coupon code r-b05810 for 40% off for 4 months, and support Channeling WordPress 2023 – WordPress This Week Podcast.