On December 14, Sucuri (a leader in WordPress security) showed that 11,000 domains were blacklisted by Google due to a malware campaign targeted at a vulnerable plugin called “Slider Revolution”. The vulnerability was publicly disclosed, and so attacks were (and continue to be) waged on sites with the outdated plugin. Not only were site owners clueless about how serious this was, they may not have even known they had the code installed, as it was bundled with themes.
It’s a mess. It points to why WordPress, for all its advantages and community, can still be a dangerous place for your business. While it’s no more vulnerable, per se, than any other open-source project, the fact that it’s one of the most used codebases on the web simply means there’s greater opportunity for less-than-secure themes and plugins to appear.
With this story in mind, ZDNet pulled no punches declaring unmanaged WordPress to be a bad choice for most people. It’s a bold statement, but the author’s logic is sound, and security is something we’ve talked about here before.
What does “managed” WordPress look like?
To protect your site against malware campaigns like this and other hacks, you essentially need two or three main areas covered, based on how they’re traditionally split up in the market. You’ll see there are still some holes that need patching even if you pay up for all the services.
Managed Hosting
Quality managed WordPress hosts can do a lot for you: they’ll host your site (obviously), help make it fast from a server level, and troubleshoot issues related to your server. Many will upgrade your WordPress installation automatically. Some offer CDN services, which can help your site load faster as well; some offer automatic backups of your site.
Managed hosts will usually have some level of security, but it mostly pertains to ensuring their servers don’t get hacked. This is definitely important, but wouldn’t prevent the types of issues we’re talking about here unless it became a problem for many customers. At that point, they may do some cleanup themselves, or they may contact you and get you to do the legwork—it all depends on how it affects their infrastructure.
On average, pricing starts at $25 per month and only goes up from there.
Maintenance, Support and Security
Even a great managed host won’t ensure your themes and plugins stay up to date, nor will they troubleshoot issues with them (or WordPress in general). To supplement this, you can contract companies that provide maintenance, updates, security monitoring, backups, and support.
A company like this may have helped some folks avoid the malware attack, as they likely would have ensured everything was up to date, and may have been monitoring for security issues. Unfortunately, as I mentioned earlier, the bad file was bundled with many themes, so many sites would have been left vulnerable even with the most proactive maintenance company. They likely would help fix things up once they noticed issues.
There are a few great companies in this space, and their lowest tier starts at $29 or $39 per month, and goes up substantially from there if you want faster response times or support for things like SEO or eCommerce. If the maintenance does not include security monitoring and fixing, you’re probably looking at another $8 per month or so.
Evermore Provides Full WordPress Management
Evermore takes a different (and, we think, better) approach to managed WordPress.
You get everything I’ve listed above, rolled into one monthly fee ($50 or $75 per month). You have one point of contact for any questions you have, so you don’t have to figure out who will answer which questions. That can save you plenty of time and money on its own, but there’s more.
With Evermore, you choose from a curated selection of themes and plugins. We audit and test all the code that enters our ecosystem to ensure everything is not only working well, but that it’s as secure as it can be.
You would never have the issue of bad code being bundled with a theme in the first place, because we don’t allow poorly-coded themes in. You can activate our curated themes and plugins as you wish, knowing that everything has been taken care of.
Imagine having an expert, personal consultant from your hosting company and your maintenance company working together to ensure you have the ideal combination of design, functionality, performance, and security. That’s exactly what Evermore is for you.
The type of companies we mentioned above do provide a valuable service to the WordPress community, and there are some great ones. If Evermore isn’t for you and you want our suggestions, email me, and I’ll be happy to point you in the right direction. Otherwise, consider saving not only time and money, but peace of mind, by trusting experts with your website and shielding yourself from trouble.
You shouldn’t have to worry about malware. You should be able to focus on your business.