Since its initial launch in 2003, when Matt Mullenweg and Mike Little created a fork of b2/cafelog, WordPress has become one of the most used blogging tools in the world. As of January 2015, it was thought that something like 20% of the world's most visited sites had been developed using the tool... a tool which, let's not forget, was designed purely to let people create online blogs.
Through years of development and constant improvements, coupled with a fantastic open-source culture, (which in itself has spurred a huge community, or army, of bedroom-coders and commercial organisations alike), this free blogging tool has become one of the most feature-rich and flexible web development systems on the planet. If you have a neat idea for a widget that would look great on your website, you can bet someone has already created a plug-in for it. The market of both free and commercial plug-ins is enormous, boasting nearly 40,000 unique widgets, plug-ins and tools for instant download and installation.
...but, as is true for pretty much any platform which is well adopted, WordPress started to become a key target for many hackers and exploiters. By 2007 the user base had grown to such a degree that it became a worthwhile target... the theory being that because the codebase was the same for all sites currently live on WordPress, if a back-door or exploit could be found, it could mean a big prize of thousands of sites becoming easy pickings for hackers, with minimal effort.
And so it was that by the middle of 2007, a study showed that a whopping 98% of sites running WordPress were exploitable due to out-of-date versions and a complete lack of patch/upgrade philosophy being adopted by most webmasters. The misguided belief was that you could build and release a website using WordPress and then leave it for years without a care in the world for updates or security patches. This was basically an attitude that led to the downfall of many a blog as exploits became well publicised but webmasters failed to do anything about it.
By December 2008, the WordPress codebase had been significantly improved in a bid to protect its users from these exploits by making the system much easier to update, but the very thing that has driven the success of WordPress over the years, (its community of plug-in builders), is also one of the main reasons why so many sites have become vulnerable over the years. As recently as 2013 a survey showed that 7 of the 10 most used e-commerce plug-ins were vulnerable to attacks such as SQL injection... not a good show if you're planning to setup a business on this framework!
It became all too clear that whilst the platform itself offers many shiny reasons to be used, it should only be done so whilst showing the level of respect for the internet's underworld, that it commands. The WordPress codebase must be updated regularly to ensure you get all of the released security patches and upgrades BUT maybe more importantly, the plug-ins and widgets that you or your web developer has chosen to use must also be updated on a regular basis.
It would be simple to adopt the attitude of, "Well I paid my web developer to build my site, so surely they should be maintaining it forevermore and fixing all these issues as they arise", but we're fairly certain this will just lead you down a very dark alley. Most web developers will base their charging model upon hours spent in the development lifecycle, and rightly so. Once the site is signed-off and launched, the developer is very rarely responsible for ensuring it stays healthy, unless a specific on-going maintenance plan has been negotiated up-front.
So then you could turn to the hosting provider, (normally a company recommended by the developer but with no affiliation or association), but they will most likely just shrug and say, "you need to speak to your developer about things like that, we only host it."
And that's where we come in...
Our entry level WordPress Hosting package includes nightly backups to disparate hardware, ensuring that in the event of any service disruption caused by errors made in the administration of the site; attacks made possible due to out-of-date versions; or simple hardware failure; we will be able to restore your site back to the state it was in, before the problems were discovered.
We support three versions of PHP, Apache and MySQL at any one time, ensuring that we can cater for all versions of WordPress and any other CMS system built upon these three key platform requirements. Oftentimes PHP features or functions are deprecated due to security concerns or just pure 'because we can' attitudes within certain ranks. These changes can cause serious issues with sites that were built using features that were, at the time, considered perfectly fine to use and so we ensure backwards compatibility with at least 2 older versions of all 3 technologies, so you can choose which platform your application will be hosted on.
The main datacentre is located within a 25 acre ring-fenced Research Centre at the heart of the Kent Science Park. Physical security features include razor-wire fencing to all boundaries and a bullet-proof/blast-proof security gatehouse. Surveillance measures include 24x7 manned security and extensive CCTV monitoring. As for the datacentre itself, this has electronic locks linked to a central COTAG card access system. Issue of cards is controlled, and all access to the datacentre is recorded.
To help ensure your site and therefore your business 'stay up' and operational 365 days a year, we offer what we affectionately call the Belt Hosting package, which not only includes nightly backups but additionally ensures that the WordPress codebase and all installed plug-ins are up-to-date, never more than 1 month behind the release curve.
These patches and upgrades are essential to ensure your site is always as secure as possible and can stand-up to any publicised exploit that becomes an issue throughout the annual hosting lifecycle.
Our team will manually check your site on a monthly basis and where required install any new plug-in or codebase updates, (we will request you create a full-permissions user for us, to use for this purpose). Before we do this however, we will create a test version/replica of your site and apply all updates to this version, giving us a chance to check that all version upgrades are compatible with your site and don't break the theme, (for example).
Only once we can see the site is not ill-affected by the upgrades will we then apply them to the live site.
An update email is then sent to the administration email address of your choice, with a breakdown of what updates have been installed and/or what updates haven't been installed due to detected incompatibilities. This will then ensure your web developer can be made fully aware of any theme or content issues that are beyond our remit.
OK, so the analogy is wearing a bit thin by this stage, but you can see what we're getting at! In the full-fat belt & braces hosting for WordPress we will apply all of the features as listed above but with the un-matched, (as of June 2015), addition of full security reporting and penetration testing. So whereas the Belt Hosting package is great if you just need to ensure you are applying any fixes and patches that the developers make their user-base aware of... this package actively tests and scans your site for vulnerabilities, each and every month.
We run a suite of tried, tested and respected, (in the industry), applications that will check your site from both the back and the front doors... this means that not only do we run scans against the site via standard HTTP protocols, (outside, looking in); we will also run tests from within your web server's O/S to assess whether there are any security issues throughout the entire application, (including, but not limited to: SQL injection, CSRF, LFI, RFI and XSS tests.)
The reason this level of security is worth the extra cost is simply based on the fact that not all plug-in developers will be aware of vulnerabilities until they are notified... and even then, they may not be very timely in their approach to fixing those issues. We make you aware of those issues so that you can approach your web developers, possibly with a view to swapping the offending plug-in for another, more pro-actively updated plug-in.
In short, we aim to make your life on the internet a comfortable one. We take the headache out of managing WordPress so that you can get on with what you're good at... and the developers can get on with what they're good at.
At these prices, it's one of the best value pseudo-insurance policies you'll ever have!
About UsWho we are, where we came from and where we're heading.
ServicesThe complete lowdown on everything we do.
NewsSee what's going on inside WebStores HQ.
Existing clients are given additional contact details but if you aren't already with us and wish to contact us, please use one of the following methods below:
Visit us. Only by appointment, to avoid disappointment:
WebStores (UK) Ltd.
Stonecross Business Centre
Phone: 0330 043 0159 (Local Call Rate)
Fax: er, no.