There has to be many web hosts who absolutely regret WordPress ever made its appearance and I don't blame them. Particularly since WordPress is attracting so many novices who don't have a clue about how vulnerable the script is for hacking. In addition, WordPress doesn't seem to take the responsibility for ensuring the safety and security of the use of WordPress. Not WordPress only, but also Joomla and Drupal are turning into great headaches for hosting security.
What I can't understand is why not make it compulsory to have at least one of those security plugins included with WordPress by default? We get Akismet and Jetpack - but no defense for login attacks. Surely that is a necessary and not a luxury plugin to have? Also why make it optional for WordPress script to be updated? If Spamhaus makes a hard and fast rule to blacklist an IP for having an infected plugin on its Website, why can't servers make it compulsory for Wordpress Website owners to have their WordPress script, themes and plugins on automatic updates?
Would be equally wonderful if WHM makes SpamAssassin enabled by default instead of disabled by default. Again something that is not a luxury any longer. Particularly in the face of backdoor infections where rogue bots are taking control of system mail and using it as a launching pad of hundreds of spam mails to the rest of the world.
I feel that Webhosts should make a stronger stand for tightening up on WordPress, Joomla and Drupal security requirements.
0 blog comments below