Discussion:
Recommendations for an affordable, SECURE, WordPress host
m***@hushmail.com
2013-09-04 21:05:32 UTC
Permalink
I need a recommendation for a secure and affordable host ASAP. My
current host was hacked, some idiot replaced the 404 template on my
theme. It wasn't too bad but I lost all trust in my current host and
want to move as soon as possible. I am on a bit of a budget though.
Apparently this host I have now was just too cheap to care though.
Micky Hulse
2013-09-04 21:10:54 UTC
Permalink
I'm a huge fan of http://webfaction.com (no affiliation, just my
current hosting company of choice).
William Satterwhite
2013-09-04 21:13:11 UTC
Permalink
http://www.tigertech.net/
Post by Micky Hulse
I'm a huge fan of http://webfaction.com (no affiliation, just my
current hosting company of choice).
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
Hunter Satterwhite
http://linkedin.com/in/hsatterwhite
(252) 762-5177
Josh
2013-09-04 21:17:23 UTC
Permalink
Big second to this one. They're great.
Post by Micky Hulse
I'm a huge fan of http://webfaction.com (no affiliation, just my
current hosting company of choice).
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
m***@hushmail.com
2013-09-04 21:20:09 UTC
Permalink
That looks quite interesting. It mentions SSH access. Is it a VPS?
Seems kinda cheap for a VPS and I question the security of a shared
server with SSH access.
On 9/4/2013 at 2:17 PM, "Josh" wrote:Big second to this one. They're
great.
Post by Micky Hulse
I'm a huge fan of http://webfaction.com (no affiliation, just my
current hosting company of choice).
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Micky Hulse
2013-09-04 21:31:24 UTC
Permalink
Post by m***@hushmail.com
That looks quite interesting. It mentions SSH access. Is it a VPS?
Seems kinda cheap for a VPS and I question the security of a shared
server with SSH access.
This is an older article, but it seems to answer your question:

<http://www.ravelrumba.com/blog/webfaction-web-host-review/>

Since that article is older, I know WF has improved since then.

For me, the price was perfect and I have no complaints (been with them
for 'bout 3 years).

I guess you'll have to weigh your options though ... If you have any
specific questions, they are very responsive:

http://community.webfaction.com/
http://docs.webfaction.com/user-guide/help.html

Good luck!
Josh
2013-09-04 21:35:52 UTC
Permalink
I've been hosting sites with them for a number of years now and this hasn't been an issue for me.
Post by m***@hushmail.com
That looks quite interesting. It mentions SSH access. Is it a VPS?
Seems kinda cheap for a VPS and I question the security of a shared
server with SSH access.
On 9/4/2013 at 2:17 PM, "Josh" wrote:Big second to this one. They're
great.
Post by Micky Hulse
I'm a huge fan of http://webfaction.com (no affiliation, just my
current hosting company of choice).
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
m***@hushmail.com
2013-09-04 23:52:25 UTC
Permalink
I got a very quick response from their sales team. So since it also
has a 60 day money back guarantee I tried it. So far it seems really
nice.

On 9/4/2013 at 2:11 PM, "Micky Hulse" wrote:I'm a huge fan of
http://webfaction.com (no affiliation, just my
current hosting company of choice).
Micky Hulse
2013-09-05 00:49:39 UTC
Permalink
Post by m***@hushmail.com
I got a very quick response from their sales team. So since it also
has a 60 day money back guarantee I tried it. So far it seems really
nice.
Wow, that's cool! I don't think you will be disappointed.

Have fun!

Cheers,
Micky
m***@hushmail.com
2013-09-05 01:54:39 UTC
Permalink
Another thing I am looking into to help catch this kind of thing
sooner in the future is to run this plugin, or something like it
http://wordpress.org/plugins/wordpress-file-monitor-plus/

Anyone have any experience with this. Any other recommendations for
security plugins?
On 9/4/2013 at 5:50 PM, "Micky Hulse" wrote:On Wed, Sep 4, 2013 at
Post by m***@hushmail.com
I got a very quick response from their sales team. So since it also
has a 60 day money back guarantee I tried it. So far it seems really
nice.
Wow, that's cool! I don't think you will be disappointed.

Have fun!

Cheers,
Micky
Nikola Nikolov
2013-09-05 06:52:05 UTC
Permalink
I would recommend you Wordfence Security -
http://wordpress.org/plugins/wordfence/ . Besides monitoring for changed
files, it also can send you emails when an admin user logs in, when a
theme/plugin/WordPress needs an update and lots of other things.

I'm pretty happy with the free version for now.
Post by m***@hushmail.com
Another thing I am looking into to help catch this kind of thing
sooner in the future is to run this plugin, or something like it
http://wordpress.org/plugins/wordpress-file-monitor-plus/
Anyone have any experience with this. Any other recommendations for
security plugins?
On 9/4/2013 at 5:50 PM, "Micky Hulse" wrote:On Wed, Sep 4, 2013 at
Post by m***@hushmail.com
I got a very quick response from their sales team. So since it also
has a 60 day money back guarantee I tried it. So far it seems really
nice.
Wow, that's cool! I don't think you will be disappointed.
Have fun!
Cheers,
Micky
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Marko Heijnen
2013-09-05 06:57:00 UTC
Permalink
When you do using wordfence. Please watch out with the settings you are using. The real-time view can really kill your server.
Post by Nikola Nikolov
I would recommend you Wordfence Security -
http://wordpress.org/plugins/wordfence/ . Besides monitoring for changed
files, it also can send you emails when an admin user logs in, when a
theme/plugin/WordPress needs an update and lots of other things.
I'm pretty happy with the free version for now.
Post by m***@hushmail.com
Another thing I am looking into to help catch this kind of thing
sooner in the future is to run this plugin, or something like it
http://wordpress.org/plugins/wordpress-file-monitor-plus/
Anyone have any experience with this. Any other recommendations for
security plugins?
On 9/4/2013 at 5:50 PM, "Micky Hulse" wrote:On Wed, Sep 4, 2013 at
Post by m***@hushmail.com
I got a very quick response from their sales team. So since it also
has a 60 day money back guarantee I tried it. So far it seems really
nice.
Wow, that's cool! I don't think you will be disappointed.
Have fun!
Cheers,
Micky
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
J.D. Grimes
2013-09-04 21:20:57 UTC
Permalink
I just want to note that there are lots of other things that can attribute to insecurity, not just your host. Are you sure that this wasn't caused by a vulnerability in the theme, or one of the plugins that you are running? Not saying that it wasn't your host's fault, but don't think that just because you got hacked it means your host is bad. Of course, their response says a lot about how much you can trust them to be there for you. If they didn't seem to care, then by all means, switch hosts.
Post by m***@hushmail.com
I need a recommendation for a secure and affordable host ASAP. My
current host was hacked, some idiot replaced the 404 template on my
theme. It wasn't too bad but I lost all trust in my current host and
want to move as soon as possible. I am on a bit of a budget though.
Apparently this host I have now was just too cheap to care though.
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
m***@hushmail.com
2013-09-04 21:24:57 UTC
Permalink
I can tell from the logs one of their other customers exploited their
server to access my theme files. My hosts response...we terminated the
offending account.

On 9/4/2013 at 2:21 PM, "J.D. Grimes" wrote:I just want to note that
there are lots of other things that can attribute to insecurity, not
just your host. Are you sure that this wasn't caused by a
vulnerability in the theme, or one of the plugins that you are
running? Not saying that it wasn't your host's fault, but don't think
that just because you got hacked it means your host is bad. Of course,
their response says a lot about how much you can trust them to be
there for you. If they didn't seem to care, then by all means, switch
hosts.
Post by m***@hushmail.com
I need a recommendation for a secure and affordable host ASAP. My
current host was hacked, some idiot replaced the 404 template on my
theme. It wasn't too bad but I lost all trust in my current host and
want to move as soon as possible. I am on a bit of a budget though.
Apparently this host I have now was just too cheap to care though.
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Patrick Laverty
2013-09-05 18:50:01 UTC
Permalink
Post by m***@hushmail.com
I can tell from the logs one of their other customers exploited their
server to access my theme files. My hosts response...we terminated the
offending account.
Sounds like that host was vulnerable to the symlink hack. I don't know this
for a fact, but if accounts are not properly jailed off from each other,
this is certainly possible.

http://thecybersaviours.com/wordpress-hack-through-symlink-bypass
m***@hushmail.com
2013-09-06 04:42:57 UTC
Permalink
The host has no clue what he is doing. Its clear to me know its just a
one man show by someone with no real skills. I should have known
better with how cheap it was, but I needed a host quickly and
inexpensively. This was a case of I got what I paid for. I even
prepaid for a full year because it was such a good deal. BAD MISTAKE.
He won't even give me a prorated refund due to the circumstances.

Moral of the story, STAY AWAY from ideastack.com.

On Thursday, September 05, 2013 at 11:50 AM, "Patrick Laverty"
Post by m***@hushmail.com
I can tell from the logs one of their other customers exploited their
server to access my theme files. My hosts response...we terminated the
offending account.
Sounds like that host was vulnerable to the symlink hack. I don't know
this
for a fact, but if accounts are not properly jailed off from each
other,
this is certainly possible.

http://thecybersaviours.com/wordpress-hack-through-symlink-bypass
Guus (IFS)
2013-09-06 05:09:27 UTC
Permalink
Better focus on the good. I am using different hosting providers and they
all did an do a good job: Hostgator, Bluehost and Lypha.

Bluehost has their own modified version of Cpanel which you may like or not.
I had some issues with Lypha in the past, but who doesn't make mistakes and
I'm still with them and had no problems for the last two years or so.

----- Original Message -----
From: <***@hushmail.com>
To: <wp-***@lists.automattic.com>
Sent: Friday, September 06, 2013 12:42 PM
Subject: Re: [wp-hackers]Recommendations for an affordable, SECURE,
WordPress host
Post by m***@hushmail.com
The host has no clue what he is doing. Its clear to me know its just a
one man show by someone with no real skills. I should have known
better with how cheap it was, but I needed a host quickly and
inexpensively. This was a case of I got what I paid for. I even
prepaid for a full year because it was such a good deal. BAD MISTAKE.
He won't even give me a prorated refund due to the circumstances.
Moral of the story, STAY AWAY from ideastack.com.
On Thursday, September 05, 2013 at 11:50 AM, "Patrick Laverty"
Post by m***@hushmail.com
I can tell from the logs one of their other customers exploited
their
Post by m***@hushmail.com
server to access my theme files. My hosts response...we terminated
the
Post by m***@hushmail.com
offending account.
Sounds like that host was vulnerable to the symlink hack. I don't know this
for a fact, but if accounts are not properly jailed off from each other,
this is certainly possible.
http://thecybersaviours.com/wordpress-hack-through-symlink-bypass
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Tom Barrett
2013-09-05 07:06:30 UTC
Permalink
I recommend getting a sysadmin, or similar, who can build from VPS for you.

// Sent by Nexus
Post by m***@hushmail.com
I need a recommendation for a secure and affordable host ASAP. My
current host was hacked, some idiot replaced the 404 template on my
theme. It wasn't too bad but I lost all trust in my current host and
want to move as soon as possible. I am on a bit of a budget though.
Apparently this host I have now was just too cheap to care though.
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Mario Peshev
2013-09-05 07:19:46 UTC
Permalink
The GoGeek plan of SiteGround -
http://www.siteground.com/wordpress-hosting.htm - Managed hosting with all
the other perks of regular one (ssh, email etc) plus extensive security.


Mario Peshev
WordPress Engineer, Open Source Consultant
http://www.linkedin.com/in/mpeshev
http://me.peshev.net
Post by Tom Barrett
I recommend getting a sysadmin, or similar, who can build from VPS for you.
// Sent by Nexus
Post by m***@hushmail.com
I need a recommendation for a secure and affordable host ASAP. My
current host was hacked, some idiot replaced the 404 template on my
theme. It wasn't too bad but I lost all trust in my current host and
want to move as soon as possible. I am on a bit of a budget though.
Apparently this host I have now was just too cheap to care though.
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Loading...