[ad_1]
I have a few wordpress sites on our servers with a lot of content. We just had a site get cracked open, and they managed to infect all the other WP sites on our server as well, and these were sites that were current, with very few plugins.
If I move all the sites off our server and onto someone else’s shared wp hosting services (like a large name brand wp hosting service) are those services less likely to get hacked? I.e do they have security or other things that are better than just installing wp and keeping it up to date? Trying to ascertain if moving wp to someone else’s professional hardware is better, or if I should just move of wp entirely.
[ad_2]
Ideally if you have a single server/vps you would split it up in parts so if one gets cracked the other one doesn’t the same applies for shared hosting. So technically it’s about as safe, big parties do however more like file scanning etc, so if you don’t have the skills to setup your own vps, i would advice to use shared or managed vps hosting.
Shared hosting is MORE prone to hacking, as shared hosting will generally include all the websites in your account as a single Linux user.
A correctly configured web server should place each site in its own pool with its own Linux user.
Technically NO, there is basically no transparency on your end what is happening on the backend.
However if you do not have knowledge of managing hosting servers, a shared hosting would be safer for you. Just make sure to go with reputable ones, where you trust them enough to disclose those events publicly, which they should by most western country laws.
No. It can depend on what kind of security features the host offers.
I had similar problem.
We had about 10 websites and 7 were wp site and rest plain html sites.
Our one wp got infected, and it infected the whole server including all wp site and html site.
Contacted provider too, but they couldnt help.
Had to manually clean all of them, delete old version plugin and separated the server.
As long as WordPress allows writable, its hackable. There is a way to prevent most security problems that if you adopt headless CMS and consider use web framework.
You would look at LXD as a way to for such site that can’t be spread when one site get hacked, in cPanel that use KVM, so one site one KVM. That’s costly.
Some of the WordPress specialist hosts will containerise your site (includes not sharing the database which is one of the main reason shared hosting can cause so much havoc!). And run malware and antivirus and firewalls all tuned for WordPress to reduce the possibility of being compromised.
I personally use Wordify for a number of sites, and never had a problem. My sites run on aws (there is a Google cloud option too), and use the included bunny.net cdn capibikity, and they have a cache system built in also. Easy, well priced and the support team have always been fast and helpful.
Yes and no depends on how server configuration is set.
Hack can either happen from any site on the server (i believed most top hosting companies already have sorted out this issue) or it can happen from the pool of your sites hosted on same account.
Here’s the solution to your problem:
If you have enough budget then go for your own server + get cloundlinux + some malware scanner/stopper such as bitninja or immunify360. This option is only recommended if you know how to manage server.
Then there’s reseller hosting. You need to enquire and see if they have cloudlinux. Maybe look at a2hosting.
Now I am not expert but I believe cloudlinux is what’s going to solve your issue as it separates each user account.
Any server requires good security firewall, malware scan and most important for wordpress is to keep it updated including plugins and avoid unused pulgin, using generic pulgins is also important.
This is a very simplified question that has a more lengthy answer.
So shared hosting has all the server security side of things taken care of. The host maintains the actual server and every custom gets their own user account on the server. Most hosts use something like CloudLinux to provide isolation between users on the same server. This isolation is so effective that even if one customers site gets hacked, it wouldn’t impact the others on the same server because of this isolation.
A VPS CAN be ‘more secure’ since you have the ability to completely harden the server to the maximum with things like disabling unused services to decrease attack surface, having less ports open, restricting admin management ports (such as SSH) to your IP address. However, shared hosting is always going to be infinitely more secure than someone inexperienced trying to setup a self-managed VPS since you would be responsible for securing your own server. You have to know what you’re doing and if you don’t know what you’re doing, going with either a shared host or fully managed VPS host is the best bet.
But website security actually has nothing really to do with your host. As long as your host is competent and is using standard security measures and running the latest software, it doesn’t matter which host you use from a security standpoint. Most of the time when a WordPress site gets hacked, it’s almost always someone using an outdated, cracked, and/or sketchy plugin or theme. It’s very unlikely that you would be hacked from your host, unless it’s a very terrible one.
There are better self hosting solutions such as plesk w/ wptoolkit that isolates each wordpress instance so they can’t cross infect. Managed WP hosting will do a better job with AV software and updates as well if you are not on top of it. They tend to have individuals who specifically fix hacked sites. Restoring without knowing how they infected you more than likely means another hack in your future.
Shared hosting is generally more secure than doing it yourself as we have more security than your $5/mo VPS.
Ie: modsec, firewalls, immunify, staff to monitor servers, backups
Setup multiple sites under the same cPanel account using my add on domains, than absolutely 1 site can infect the rest.
Very unlikely one cPanel account will infect the entire server.