I’m often asked why I host this Blog on WordPress.com – why I don’t self host, and maybe make a few dollars, while I’m at it, by running ads. So, I’ll start with the back-end first.
It’s not about money – far from it. I write this Blog to have a little bit of fun; to help keep my mind sharp (often a failing exercise 
) – and, to be part of a community which recognizes the need to educate computer users that the Internet is not all sweetness and light.
That’s the back-end – but, it’s the front-end that’s most important. WordPress does all the heavy lifting. All elements are taken care of: setup, upgrades, spam, backups, and site security. Site security might be last in the previous sentence but, it was the most important factor in my decision to use WordPress as my blogging platform.
Just a few of the security reasons:
Potential harmful activity is constantly monitored.
Blog PHP code can’t be modified.
Plugins can’t be uploaded.
JavaScript embed codes and CSS, are restricted.
I’m not suggesting that WordPress can’t, or won’t be hacked (nothing on the Internet is invulnerable to cyber criminals) – but, should sites hosted by WordPress.com fall to the bad guys, those of us who rely on WP, will at least have a fighting chance to recover. This is not always the case for self-hosted sites.
Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming. And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.
More particularly, according to the Commtouch/StopBadware report – “about half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.” Not a very effective method of discovering one’s site has been hacked. As opposed to WP’s – “Potential harmful activity is constantly monitored.”
Highlights from analysis of the survey’s responses include:
Over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.
Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.
Twenty six percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.
Forty percent of survey respondents changed their opinion of their web hosting provider following a compromise.
The report includes several examples of hacked websites, as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.
The following graphic illustrates why cyber criminals target web sites.
Courtesy – Commtouch
The full report is available for download (PDF format) at:
Bill Mullins' Weblog - Tech Thoughts 