One thing you’ll see on every host that offers WordPress is claims about how secure they are; however, they don’t put their money where their mouth is. When you dig deeper, if your site actually gets hacked they’ll hit you with remediation fees that can go from hundreds to thousands of dollars.
They may try to sell you a security plan that, for example, at GoDaddy goes from $300 to $700 a year on top of your hosting. (Don’t be fooled by the low entry price, look at renewal.) It’s heartbreaking to hear stories of non-technical people forced into these high fees to fix something their host should have prevented in the first place.
When a host is powered by WP.cloud, it doesn’t need to do this because hacks are so incredibly rare. (That’s why it may appear more expensive, but the total cost of ownership or being a WP.cloud-powered host is much lower when you factor in human time.)
One problem we’ve had on WordPress.com is we do all these amazing things and don’t tell anyone about it, something we’re trying to change with our focus this year on developers and developer tooling. One great example is we’re so confident about our security, if your site gets hacked we’ll fix it for free! We’ve actually been doing this for the better part of a decade, just never mentioned it anywhere.
Pressable (which is WP.cloud-powered) does a better job talking about these things and has a nice landing page on malware cleaning and hack recovery that says essentially the same thing.
WordPress has done a ton over the years to move the hosting industry around upgrading PHP and MySQL, PHP extensions, free SSL, and in general using our clout to advocate for user rights and freedoms from even the largest hosting companies, and I’m proud to say there are a good number, for example the ones you see at WordCamps, that have not just embraced these values but actually been more commercially successful as they’ve done so. I hope security and auto-upgrades not just for core but for plugins and themes become the next standard. (Jetpack does this for free, some hosts charge $100/yr per site.)
Happened with me twice, and I literally got no help. And my site got hacked not because there was a vulnerability at my end, but because their shared hosting server got hacked.
Not naming the host, but it happened.
Matt… this is what WP is all about. Kudos and onward.
Matt, do you remember in 2022 when WordPress.com changed its pricing to a single plan, the Pro plan? Thank you for providing a dedicated thread in the forum at that time to gather feedback from us, the WordPress.com users.
I appreciate that WordPress.com listened to those suggestions. In fact, I feel that all my feedback was addressed: creating a plan between the Pro plan and the free plan (Starter plan), setting pricing according to regions, offering monthly pricing, and providing à la carte options or add-ons (such as the option to add storage size)—everything was fulfilled. I’m very grateful for that.
When the pricing was reverted to the original structure, I’m still enjoying the legacy Pro plan. Thank you.
I’m fortunate to have planned wisely and all of the sites under my control over the last 15+ years avoided being hacked. I’ve fixed a number of hacks for others over the years. Today, I personally update all my client sites individually and do not rely on auto updates or the roll back plugin. I feel that me being in tune to what is going on with those sites is important enough to DIY. And that’s why I pay more for my hosting plan to ensure I’m on a higher level of service than the shared resellers offer. Knock on wood, I’ve been able to avoid these issues and I’m able to clean a hack with instructions. I know many who have had to pay hosts who, like you wrote, are ultimately responsible for the intrusions. I’ll be bringing this up for discussion to our next WordPress Asheville Meetup a week from Tuesday.