Hacking at wordpress.com?
-
Hi,
I am currently running a WordPress installation with another host. Every year or so it seems the site gets hacked, despite my best effort (I’m not a professional webmaster, just an artist). And then my site hosting service starts sending all sorts of friendly but scary e-mails etc saying that the problem is mine to solve. Soooo, I’m thinking of going with the WordPress.com business level paid service.
My question: If I have just one user at the site and it gets hacked, who has to deal with it? Does WordPress.com keep backup, etc and all that stuff? I’d love to get to the point where I just work on content *only* and the pros handle all the backend work.
Second question: If the hacked files affect just the WordPress standard files and not my stuff can I just shift things over to you without having to debug my existing site?
Feel free to contact me directly.
–Darin
-
Hi there, you’ll want to have a look at the differences between WordPressdotcom and standalone WP so that you can make the best choice for your needs: https://en.support.wordpress.com/com-vs-org/
As far as security on WordPressdotcom, the only real problem here is when users do not engage in best practices. More about that here: https://en.support.wordpress.com/security/
When you import your standalone site to WordPressdotcom, you can only import your site’s content (posts, pages, comments, etc.), no custom theme, scripts, bespoke code and the like. More about that here: https://en.support.wordpress.com/moving-from-self-hosted-wordpress-to-wordpress-com/
Concerning your other questions, I’ve tagged this thread for Staff.
-
Hey justjennifer,
Thanks for your quick reply. I did happen to read that same page just before I posted–on my “.org”. Looks like I may be on the right track!
I use a “Safari” automatically generated password that is more complex than anything I’d ever invent on my own. The host support folks suggest that an out of date installation (I have several sites, some semi dormant) or an out-of-date of date plug-in is the source of my trouble. Of course, no one knows and this keeps happening….seems impossible in practical terms to stay on top of all of this.
Thanks,
–Darin
-
Hi Darin!
My question: If I have just one user at the site and it gets hacked, who has to deal with it? Does WordPress.com keep backup, etc and all that stuff? I’d love to get to the point where I just work on content *only* and the pros handle all the backend work.
We keep backups and we manage all the site backend so you can only worry about your content, however we expect you will take care of your password as it is the utmost security factor between you and a hacker. As justjennifer had highlighted (thank you!), the best practices for security are in that support page she linked. We will only restore sites backups if the security breach was due to our fault, we don’t do that by request.
The host support staff is right: outdated software is a an open door for hackers. Every WordPress release has many security fixes for known issues. If you run an old WordPress version, people knows what are its vulnerabilities and how to explore them. To stay on top of this you need to update all your WordPress installations and plugins. If you think that’s too much, then I think WordPress.com is a good choice for you, as you won’t need to worry about it.
If the hacked files affect just the WordPress standard files and not my stuff can I just shift things over to you without having to debug my existing site?
Yes, you can export your WordPress site and import it here. If there’s anything wrong with it, the import will fail and you can ask our help to see what happened with the import.
This support page explains how:
https://en.support.wordpress.com/import/coming-from-self-hosted/Cheers!
- The topic ‘Hacking at wordpress.com?’ is closed to new replies.
WordPress.com Forums 