We all love WordPress, but it’s been around for a long time. Its foundation was built when we didn’t have the same standards that we use today when deploying PHP applications. Modern conventions dictate that only the bare minimum of a site’s code is allowed to live in the “public” webspace (“webroot” in technical terms); unfortunately, the default method of installing WordPress puts everything – even the configuration file that contains your database credentials – in the path of web visitors.
Or, to put it simply…
Say you have a nice house with a fence around the yard. You and your family live in the house; it’s your inner sanctum.
Birds and squirrels visit your yard, and that’s all well and good.
But if you saw a strange person in your yard, your hackles would be raised and you might be phoning the police.
Outside your yard, maybe there’s a sidewalk and a street. These are public places, and it’s okay for someone you don’t know to be there. They can see the outside of your house, but they can’t see what – or who – is in it.
That’s kind of how it is with the web, from behind the scenes. We have things that we’ve purposely made for the public, and we have other things that they should never see.
Fences and doors
Webinology has started migrating qualifying sites to an alternative form of installation, one that follows newer standards. Our new method does just what we described in the previous paragraph: only the files that are required to be in the public webroot live there, and everything else is hived off to places impossible to reach via the web.
We’re not responsible if you chose to use “password74” as your password, or if you shared your account credentials with three coworkers last week. But with respect to the things within our control, we’re responsible for many aspects of your site’s security. It matters to us not only because we care about our clients, but also because it’s a badge of geek honor if we’re hard to hack.
These changes are a big step forward for us and for our clients, and they’re not something you’ll get with the vast majority of web hosting providers.
Want to know more?
We’re being deliberately sparse on details here because we have no interest in giving potential hackers a head start. For our clients, however, we’re more than happy to explain in greater depth. Contact us and we’ll gladly provide a demo.