When inMotion Hosting Quarantined WordPress – What You Need to Know
The last few weeks have seen the world undergo a massive shake-up due to the Coronavirus (COVID-19) pandemic. While many businesses have been able to continue operating and many countries have been able to maintain some type of normality, many industries have been devastated by the pandemic.
One such industry is web hosting, specifically, the world of WordPress hosting. Even before the pandemic, cloud computing and managed hosting were the clear future of web hosting. However, even the most established hosting companies in the industry have been forced to pivot and adjust to the growing demand for S0GA (self-hosted WordPress blogs).
Why Has the Demand For Self-Hosted WordPress Blogs Exploded?
It all started with a simple question: What will my blogging platform look like?
In an average month, bloggers ask me this question roughly 20 times. The demand stems from the fact that there is no one-size-fits-all approach when it comes to creating a web platform for bloggers to blog on. You need to consider what kind of content you will be posting, how frequently you will be posting, and, most importantly, how you want your blog to look.
If you’re new to blogging, you should look at the Wordpress platform. With a free account, you can quickly set up a blog in less than five minutes.
There are a variety of reasons why the Wordpress platform is so popular. One of the main reasons is that it is extremely flexible and customizable. You can use a variety of plugins to further enrich your blog’s functionality. In addition, you can use various themes to completely alter the visual appearance of your blog. If you are looking for a robust blogging platform, Wordpress is the clear choice.
Quarantining WordPress Has Been a Major Challenge For Hosting Companies
One of the major problems that hosting companies face when it comes to quarantining Wordpress is figuring out how to handle all of the various updates that Wordpress automatically downloads. For instance, if you update Wordpress, you need to ensure that all of your sites, including the one being updated, are protected by the latest WordPress version.
Hosting companies typically deal with these types of issues by creating custom Wordpress distributions (sometimes called Wordpress varnishes) specifically for bloggers who want to use Wordpress but need some level of protection from malware and hacked websites. Wordpress distributions are completely isolated from the main Wordpress installation, so any vulnerabilities that arise in the Wordpress distribution will not affect your main site (unless you explicitly install a theme or plugin from the Wordpress distribution on your main installation). Finally, Wordpress distributions are updated regularly, so you do not have to worry about keeping your site updated manually.
What Should You Look Out For?
While manually updating your WordPress installations and ensuring that you are always protected from the latest security threats is one thing, you should also be aware of various attacks and security risks that are specific to Wordpress blogging. If you want to create a secure WordPress platform, here are some of the things that you should look out for:
Malvertising, Phishing, And Other Web Hacking Attacks
Malvertising, or malicious advertising, is one of the biggest threats specifically targeting Wordpress blogs. Malicious advertising often takes the form of a spear phishing attack or click-bait that encourages visitors to click on a link that will take them to a phishing site. Even worse, some malicious advertisers will set up a fake website that looks almost exactly like your actual blog or website, including the domain name and logo. They will then set up a traffic drop-spike that will slowly drain your bandwidth as you try to post, update, and respond to comments on your blog. Finally, because phishing attacks involve social engineering, they are often highly targeted towards specific groups of people such as executives, managers, and other business leaders.
Phishing, or fake online solicitations designed to trick users into providing personal or financial data, is also a big problem for Wordpress blogs. Similar to a spear phishing attack, a phishing attack will usually involve a lures (such as an email solicitation with a seemingly urgent threat or a request for account information) that are designed to bait the user into providing data. Interestingly, these threats often take the form of an online solicitation because, in today’s world, people do not simply dial up a telephone number and give it to a telephone sales person. Instead, they will often type in an email address or open an online browser and type in an email address to reach the person they are looking for. In other words, the world of cyber-criminals has changed, and hackers now seek to exploit these shortcuts.
Finally, web hackers (also referred to as script kiddies, script katzei, or just script kats) will sometimes set up a hidden script on a blogging platform that is used to access and manipulate data stored in a user’s browser. For example, a hidden script might include a back-connect function that submits order forms or downloads malware that targets Windows users. Luckily, these attacks are quite rare and, for the most part, easily detected by a technical team. Nevertheless, it is still highly recommended that you lookout for this type of threat and prevent any future attacks by removing all unwanted scripts from your blog’s source code.
Bruteforcing Blogs And Weak Password Protection
One major issue that you will encounter when running a Wordpress blog is that people will try to access your blog without authorization by using brute-force techniques. In other words, they will try to login with every possible password they can think of. A common form of brute-force blogging occurs when a hacker uses *nix brute-force tools to try to guess a user’s password or login id. *nix brute-force tools search for a username or password in a text file, applying searches to sub-files and sub-folders until either the user or the tool reveals the correct password or login id. In most cases, a single try of this type is sufficient to log into your blog. In other cases, it can take several attempts before you realize that the password you are entering is not working.