December 17, 2020: A vulnerability was discovered in Contact Form 7 that allows attackers to upload malicious scripts. This plugin is used on more than 5 million websites. Contact Form 7 has released an update to fix this vulnerability.
For more information, read this article: https://www.searchenginejournal.com/contact-form-7-vulnerability-in-5-million-sites/391111/
October 31, 2020: WordPress pushed out an update that made it impossible to install new WordPress sites. In an attempt to fix this update, they paused the rollout and ended up with several more issues that could potentially compromise the security of websites that were impacted.
For more information, read this article: https://www.searchenginejournal.com/wordpress-update-fiasco/386236/
September 6, 2020: There was recently a large attack on WordPress websites that has affected at least 700,000 websites with the WP File Manager plugin. Once a single WordPress website on a server is compromised, the attackers can access all other WordPress sites on that server.
For more information on this attack, please visit https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
May 6, 2020: Over 900,000 WordPress sites were targeted by a hacking campaign this week. Sites that don't stay up to date with their security plugins are the most vulnerable to these types of attacks.
For more information, check out this article: https://www.welivesecurity.com/2020/05/06/almost-million-wordpress-websites-targeted-campaign/
WordPress is the most popular website building platform in the world. What began as an open-source blogging platform has morphed into an extremely popular system used to build websites for organizations of all sizes. It has been used for over 50 million websites worldwide. While many people love that it is easy to use and has a seemingly unlimited number of available themes and plugins, there are several downsides to this website building giant.
WordPress uses plugins to enhance the capabilities of its content management system. There are plugins for everything. I don't know if I've ever worked on a WordPress site that didn't have at least half a dozen plugins installed and activated, and that can be a problem. There are potential risks you are taking with each plugin you install.
Anyone can build and publish a new plugin. Some of the most popular plugins on WordPress.org are built and maintained by freelancers. Others are owned and maintained by big development groups. Sometimes if you run into problems, the developer or community at large can be super helpful in resolving your issue. Sometimes you feel like you are on your own; not even trusty Stack Overflow can help you.
Over the years we've learned that not all plugins are created equal and even highly popular plugins with big developer support behind them don't always play well with others. Usually the more plugins you are using, the more likely it is that they will start fighting with each other, and getting to the bottom of the conflict isn't easy.
The number one rule, if you choose to use WordPress, is to keep everything up to date. Being the elephant in the room has made WordPress a juicy target for bad actors. WordPress pushes out a stream of regular software updates to address potential threats and vulnerabilities. It's imperative that you keep your WordPress core up to date, but sometimes it seems you are more diligent than the creators of your themes and plugins. Updates can often cause problems. Some people are brave enough to install updates without making a complete site backup. Those people are crazy. Keeping your WordPress core engine and all of your themes and plugins up to date can be exhausting. Most website owners are not good at keeping up with this. Which brings me to the main point.
We've been building and hosting websites for almost twenty years. During that time we've learned a hard truth. It's not a matter of if your WordPress website will be compromised, it's a matter of when. Every week we get calls from businesses whose websites have been compromised. They are always running WordPress.
Bottom line, we aren't trying to stir up trouble. We are just trying to be pragmatic. We've learned over the years to use other platforms that are less vulnerable to these kinds of issues. We've settled on a development stack that we love and feel safe recommending to our customers.
If you've been bitten by WordPress in the past and are looking for another affordable alternative for your next website, you've come to the right place. Look at our demo site and our FAQs to see if we might be a good fit.