This is a quick note to summarise changes in my hosting costs from March 2016. Having looked back over the past year I seem to have been busy every day, having spent an enormous amount of time doing web site work I was not being paid for. This is not because of any failure on the part of customers to pay, but due to the significant increase in security management work I have to do in the background, to keep everyone’s sites running sweetly. Articles such as this one from Sophos refer to FBI reports of religious fundamentalists using security holes to deface web sites, and this post from WordFence highlights how one hacker in Vietnam has created an “attack platform”, a whole arsenal of tool for attacking WordPress sites. There are many more similar stories and doubtless more still to be written – this issue has grown massively since I started focusing mainly on WordPress sites back in 2011/12.
You might wonder if it’s actually worth continuing to use WordPress as it seems to be such a popular target, but to ditch any content management system and revert to old-style HTML-and-tables web site construction, without the ability for the site owner to log in and change their own site, would very much be a step backwards. We would be back in the 2000s, and the “old days” of customers emailing or phoning to ask me to change this or that page on their site. It’s this browser-based “loginability” for the site owner, that attracts potential attackers.
I know that most of my customers have no inclination to manage their own WordPress installations, and most are unaware of the routine batterings their site is taking from automated bots probing for potential entry points (scroll down a little on wordfence.com to see a map showing a sample of this traffic in real time – and see a tiny extract of today’s log for this site in the image here). The fact that many WordPress site owners don’t consider site security is what makes it so appealing to hackers – WordFence Security tracks millions upon millions of attempted password breaches every day.
Fortunately for my customers, the basic WordFence system is running on all sites I maintain, and it’s always the first plugin I install. As new security threats arise, WordPress issues new releases and again I install these several times a year – some of the minor upgrades are automatically applied but others require manual intervention, and it’s these that take the extra time. I also have a number of customers who struggle with the required new 16+ character passwords including special characters, so often there is some password-resetting to be done along with helping customers to configure new user accounts, use password storing apps and such like. It’s really important to try to keep on top of this stuff as any security holes will be exploited and potentially affect other users of the same server as well.
From March 2016 I’m therefore increasing the annual WordPress hosting service cost to £240, for 200MB of space (now increased due to the ever-larger size of some WordPress themes being created by developers). This will now also include managing the new WordFence Firewall on your site, and for particularly vulnerable sites, a Premium WordFence key. This offers additional security for web sites such as checking against blacklists, spam prevention, and if necessary, entire country blocking (so if we want to stop all access from Vietnam or Ukraine, we can). The price increase is just the equivalent of a couple of hours’ system administration work for each customer over the whole year, plus the extra space and WordFence costs. Remember, if comparing with other WordPress hosts, a cheaper price may mean they expect you to manage your own security, rather than as I do, manage it on behalf of my customers.
At the same time, due to increased domain registration costs being passed on to me, the two-yearly fee for registration, management and hosting of domain names is going up to £90.
More details on the pricing page, meantime, if you have any questions about the security of the site I host for you – please drop me an email.