Does WordPress keep getting hacked?
Does your WordPress website keep getting exploited by hackers? Are you running out of options around keeping them away? Is your job turning into whack-a-mole, fighting relentless exploits that feel out of control?
If hackers are exploiting WordPress, you can either keep doing what you’re doing (Godspeed, you indelible warrior) or you can walk away from this problem entirely by walking away from WordPress. Yes, unfortunately the system you’ve grown to love may be the problem. And there are solutions, but you have to leave WordPress behind.
TL;DR: The only way to stop hacks from happening to your WordPress site is to move your site away from WordPress.
Why WordPress is vulnerable to exploits
WordPress is not designed for security. The code has a long history, all of which involves security patches, sometimes daily, to evolve past the latest vulnerability. All of its history involves the code being available to the world for free, and being in high demand due to its ease of onboarding content managers and new developers. Fast forward to today: hackers have about half the internet to target for exploits. They also have a skeleton key - the source code of their exploit target, where they can find vulnerabilities. There is a dark economy around hacking WordPress websites - lists of usernames and passwords for sale, teachers publishing known and discovered exploits on blogs, the sale of secret information like credit card numbers - and very little by way of punishment for pursuing this, leaving hackers from all over the world up to their creativity to find the next way in. My own personal experience includes seeing the aftermath of a WordPress website that was breached by an in-office Windows computer using an exploit installed in the software of that machine! Overall, information from WordPress websites is in high demand. I’m so sorry you got caught up in this!
But open source is a good thing!
We agree - not all code can be hacked just because it’s read by a smart enough person. ExpressionEngine, for instance, is open source and has about six documented hacks in its lifetime. Still, WordPress remains a target for hackers who mean business. ExpressionEngine is too sturdy, with a much smaller user base - it attracts a lot less nefarious attention, and thus being open source is not a risk for ExpressionEngine.
WordPress hacks - moving on
You can have the exact same website in another content management system - without the exploits. Platforms designed for security like ExpressionEngine and Craft CMS carry all the capability of WordPress - after all, they sit on the very same PHP / MariaDB servers, operating on the same base technology. Your control panel will be quite different. A developer (maybe you?) will need to set up a new content management system to model the content you have (likely Posts, Pages, Categories, Tags and a few other details coming from WordPress), and the front-end code will need to be migrated to the new content management system as well. If you’re doing this yourself, ExpressionEngine is going to be closer to WordPress when it comes to difficulty of setup and use. With the involvement of the terminal / command line, Craft CMS takes a lot more expertise and base know-how to set up.
Resources
Craft CMS’ Migrate from WordPress Plugin:
This plugin moves WordPress content into a Craft CMS site.
Installing ExpressionEngine for Security:
Installing ExpressionEngine for Security on the Aquarian Blog
This step-by-step tutorial runs you through the ExpressionEngine installation process with extra security modifications baked in.
ExpressionEngine Datagrab plugin
This plugin moves content from a source feed into an ExpressionEngine website.
What you’ll love about your new CMS
Besides the abundance of headspace from not thinking about the next move to outsmart hackers, you may enjoy an uptick in performance speeds (sometimes leading to search engine boosts) or the discovery of new flexibility where WordPress conventions had been inflexible. You may enjoy the content model - where navigational items in the control panel organize around more than publishing types. You might like that your SEO plugin isn’t constantly trying to upsell you; it wasn’t free, but it is not a paid subscription. You may like that your add-on store is driven by problem solving and less by commercial competition and doesn’t contain any scam add-ons. You may like a smaller, more accountable user and developer community. You might start liking websites more and might enjoy your job again.
We specialize in WordPress migration
Need help with a little or a lot of this? Right away? Check us out and hit us up! We are practicing experts at the WordPress to ExpressionEngine process, the WordPress to Craft CMS process, and web design migration process in general. Caroline has extensively reviewed ExpressionEngine as a WordPress Alternative both in text and at EECONF 2020 live on screen. See our latest work in WordPress migration and get a quote - to continue your pursuit of web greatness without being vulnerable to hacks or security exploits.