Concerned about the security of your website? Here’s what you need to know
Security concerns: WordPress vs. HTML websites
Website security is something you want to consider when building your website, especially if you plan to do ecommerce on your site. Getting your site hacked is no fun, but it does happen. If you listen to the news at all, you know that there’s no such thing as a truly secure website, even at the highest levels.
Some people in the IT world have expressed concerns about using WordPress for a business website. In most cases, the major security concerns can be eliminated by using secure passwords and site “hardening” that makes your site more difficult to hack. But in general, if security is a concern, HTML is considered a more secure platform for websites.
To have a truly secure site of any kind, you would need to host it on a dedicated server (a computer which has just your files on it.) This option is quite expensive, and not in the budget for most small business owners. Most people have a host like Go Daddy or DreamHost, which offer hosting packages on a “shared server.” With shared servers, if someone else is compromised, then it’s very likely you could be compromised too.
In all the time we’ve been working with websites, we’ve only had one site hacked, and that was an HTML site hosted on a reputable shared server. Our customer’s site and a bunch of others were hacked by some teenagers looking for attention. Fortunately, we had a back up, as did the host, so the site was quickly restored. The hacker’s goal? Get attention. “Look what we can do.” No long term damage.
Anyone can go online and download copy, images and ideas from a website through their browser. They can even copy your html files. That’s the nature of the open internet. But they can’t really get to your source files without the server login information. That’s where we take extra steps to protect the data. We also recommend that if you have a patent or product information to protect, you should add full copyright disclosure on your site to secure proprietary information.
Ecommerce sites usually have a database to store the product information. If you accept credit cards online, we recommend using a third party company (such as Paypal) which will actually process the sale in a secure environment. WordPress and HTML sites can be set up this way so that you’re not responsible for storing the customer’s credit card information.
Every site is vulnerable to attacks if a hacker has a reason. When considering how much to beef up your site security, the first question to ask is would someone be highly motivated to attack your site? If you’re a major retailer, a controversial political figure, or a bank, you may want to take every possible step to secure your site. If your answer is no, we recommend the less expensive option for hosting your website and use general best practices, plus a reliable backup system, to secure the site.
Here’s a couple of links that might be helpful: