A good part of my past WordPress career I offered design, support and coaching. During those years I cannot tell you how many times I found an email in my inbox that had this somewhere in it:
“My site was hacked. What do I do? Why did my host let this happen?”
Or worse yet.
“My online store is hacked. I need to find out what the problem is with my host?”
It was always the last part that bugged me with an assumption. So often for store or site owners, the host is first in line to blame. It has to be about the host, right? How else could such a horrifying thing happen?
But let’s face facts here folks. It’s the people
With a Closer Look at What Is Going On
Your host is responsible for a lot of sites — hundreds of thousands of sites, possibly millions. A good portion of those probably sell stuff. Their very first priority is to protect their servers. With most, you can be reassured they have measures in place to keep those hackers from getting into their hardware. Why wouldn’t they? It’s part of their business.
Most of us should know that nothing is guaranteed when it comes to security. And yes, there are times when it is a issue with your hosts security. But not always. Some hosts might have higher security standards in place because of the hosting they provide. Or, they might have other plans or options where you can choose tighter security. But in the end, they can only do so much. And it’s not guaranteed to be their fault.
Why is that?
Because it’s impossible for them to babysit every single aspect of every single WordPress site on their servers.
On our podcast, we did a full series on security with Dre Armeda, from Sucuri.net. In one of the shows we talked about the bigger picture of eCommerce, WordPress and Security. One quote from Dre hit the nail on the head:
“Think about physical security and everything we do. It’s great, you have this bitchin’ alarm system, and cameras, and the whole nine. But if you don’t turn them on, it’s not going to work. Who is it up to turn them on? It’s up to the users. That’s the biggest problem.”
See, it’s up to you store owners. You need to have a better understanding of how secure your site is. This can come from getting advice for security experts or being shown what you need to do by the developer or designer who created your site.
Let’s Look at a Couple of Examples
You get your online store handed over to you. Usernames and passwords have been set up for you. But you loathe that password that has a bizarre mix of letters, numbers and even characters. You decide to change it yourself. You dogs name has always worked well. And when you do WordPress informs you that it’s a weak password and gives you the option to chck the box that says Confirm use of weak password. Heck, it’s just a lot easier to confirm it then think of some other password.
Then there are those updates. The host also cannot force you, as a site owner to keep all plugins and themes updated. Nor can they keep you from finding and installing themes and plugins that are not trustworthy and may be filled with malicious code.
What it really boils down to is that the host cannot hold your hand or catch you from doing these kinds of things that likely will compromise the security of your eCommerce site.
Stepping Up the Security with Managed Hosting
Managed WordPress hosting comes in all sizes and shapes. And often their security is better than most shared hosts.
They usually have more security checks in place, as well as the capability to provide consistent auto-updates. Auto-backups are also typically included. Help your clients understand the benefits of managed WordPress hosting, especially when it comes to keeping their site secure.
Now they will vary, so you need to ask questions. But even then it may not be enough for your site. You may need to add an external security service like Sucuri.net.
Just remember, this is your business, your store. You would go to extra efforts for security on your physical store. Think in the same terms for your online store.
And if you still are wondering about this, thinking about that security plugin you have installed, I recommend you listen to that podcast I mentioned earlier in this post. I can guarantee that you will learn a lot.