wordpress security

Don’t believe everything you read about WordPress security

 

I know I’ve ranted about this before, but I recently read this in an article about WordPress security:

 

Preventing Cross-Site Contamination

Shared hosting services are popular among businesses to host their WordPress blogs. Unfortunately, such shared services open the possibility of cross-site contamination. This is essentially a strategy that hackers use to attack a website by gaining access to another website in your shared server. One way to prevent such attacks from happening is by using a managed hosting company that can keep WordPress secure through advanced security configurations, automatic backups and automated version updates.

 

I’m sorry, but I cannot leave this without contributing my two cents.

 

If you select FastComet, Bluehost, JustHost, Hostmonster, Hostgator, Siteground, or basically any other hosting provider that offers cPanel on their shared hosting environments, you have nearly ZERO risk of cross-site contamination.

 

Nearly ZERO!

 

Some of this has to do with how their servers are configured: each account has its own file space, and the rights, permissions and ownership of those files are separated at the operating system level from other hosting accounts on the same server.

 

Some of this also has to do with cPanel itself.

 

If you’re on a VPS or dedicated server and you have separate cPanels for each of your websites, which is highly recommended, you’re essentially dividing up the file space, along with the rights, permissions and ownership into their own logical space.

 

This is exactly the same security provided in separate shared hosting accounts – different user rights, permissions and ownership for each hosting account.

 

The only way to cross-contaminate websites on different cPanels is if the user (attacker) has root privileges. If they have root, they own the server. Game over.

 

If they don’t have root access, IT IS NEARLY IMPOSSIBLE for them to “cross-contaminate” a website on a different hosting account or cPanel account.
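One way to check that per-account separation on your own account, as an added example (not code from this post or from cPanel): the function flags entries under an account's home directory that are owned by another user, are world-writable, or leave wp-config.php readable by other accounts. The `public_html` layout, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_account(home, owner_uid):
    """Return (path, problem) pairs for entries under one account's home that
    weaken the per-account separation: wrong owner or access for 'other'."""
    findings = []
    home_mode = stat.S_IMODE(os.lstat(home).st_mode)
    if home_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append((home, "home directory readable or writable by other accounts"))
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != owner_uid:
                findings.append((path, "owned by uid %d, not the account" % st.st_uid))
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((path, "database credentials readable by other accounts"))
    return sorted(findings)

def build_sample():
    """Constructed sample account tree (not from a real server)."""
    home = tempfile.mkdtemp(prefix="acct_")
    os.chmod(home, 0o711)  # others may traverse but not list or write
    docroot = os.path.join(home, "public_html")  # assumed document root name
    os.mkdir(docroot)
    os.chmod(docroot, 0o750)
    for name, mode in (("index.php", 0o644), ("wp-config.php", 0o644), ("upload.tmp", 0o666)):
        path = os.path.join(docroot, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    sample = build_sample()
    for path, problem in audit_account(sample, os.getuid()):
        print(problem + ": " + os.path.relpath(path, sample))
```

Run against a real account, pass the account's home directory and its numeric uid; an empty result means none of the three conditions was found.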

 

Of course this same article says to prevent DDoS attacks:

install plugins like WP Super Cache that caches the content in your server. This way, the database remains relatively unaffected by incoming traffic

 

I understand that WordPress security is an often-searched-for term. But unless you’re in this on a daily basis, please don’t offer advice to those who might actually believe what you’re saying.

 

I’m stepping down off my soap box now…
