Hosting Providers: Check Yourself – WordPress is Mainstream

When I get asked for help with an attack on a WordPress site, it’s often on the same few hosting providers.  And when it’s not, it’s usually a small, local hosting provider.  When I have spoken to the staff of one of these hosting providers, about what seems to only occur in these few situations, they never take responsibility for having oddball server settings. And it’s not uncommon for them to actually blame their customers for using WordPress in the first place!

Some of the more popular Hosting Providers that seem to have more trouble than others with WordPress malware attacks in the past two years (in my experience) are Network Solutions and IX Web Hosting. And in general, hosting providers that have a lot of issues with malware affecting WordPress sites either

  • Have screwy server settings that tempt developers to take risks with file permissions, or
  • Have vulnerabilities that allow malware to sneak from one hosting account to another

As for some of the local, ma ‘n’ pa providers I’ve had problems with, I’m not going to hit them when they’re down by naming names.  But let me just say this: Buying local isn’t necessarily a good idea when it comes to hosting. It’s often the worst thing you can do.  You usually get crappy support, a high price, a non-standard product, and to make things even worse, you also often get a territorial ‘server guy’ who wants to blame any technical problems on the customer and not take responsibility for anything.

I can imagine being a hosting provider and not wanting to change how I do things just because a few of my customers want to run some weird PHP software they found somewhere.  But WordPress is hardly obscure anymore. And although I could be wrong, it seems that the server settings required for a smooth, safe ride with WordPress are in line with “best practices” for hosting providers in general, since all the best and most popular hosting providers seem to run WordPress perfectly.

So in the ‘news,’ I guess on April 12th, 2010, someone (rshinsec) at Network Solutions announced that an attack on many of Network Solutions’ customers’ sites was actually caused by a “WordPress Vulnerability.” (Quote is actually from a page HERE, because according to the page, Network Solutions has since edited the announcement)”

“Beginning last week a WordPress vulnerability has been the target of attacks on multiple WordPress websites on hosting platforms around the web. We have a blog post with additional details about the vulnerability and how to secure your WordPress site.”

In fact, it was not a WordPress problem at all.  So in response to some of the inaccurate anti-worpress blogosphere chatter caused by Network Solutions passing the buck like this, Matt Mullenweg, founder of WordPress posted to the WordPress Development Blog, clearing some things up, as well as putting it like this:

“Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.”

Thank you Matt!  We the people that use and love WordPress need to stand up for ourselves and demand what we deserve.  We are not a fringe community anymore.  WordPress is mainstream software and any hosting provider that has issues with it needs to check themselves!


If you found this information helpful, please consider making a donation. No amount is too small.

Bitcoin Donation Address:

2 Replies to “Hosting Providers: Check Yourself – WordPress is Mainstream”

  1. Don’t agree. You can’t always blame someone else or something else for security issues on your product. WordPress is great but security is getting to be a real problem. Matt needs to face it, the hackers are targeting WordPress. There needs to updates and patches because even upgrading to the next new version can be a hassle.

    Guess work and try this isn’t enough for a major platform like WordPress anymore. Need to get SERIOUS about security.

  2. Having hopped around to a number of miserable hosting services over the years, I’m finally happy with Rackspace. They’re expensive, but if you run enough sites off an account, it’s worth it. And they’re support is fast and helpful. I run more instances of WordPress on it than I can count and haven’t had a problem.

Leave a Reply

Your email address will not be published. Required fields are marked *