Is This Just An Upsell?

[jannmirch]

I am adding a wordpress install (2 ultimately) on a Network Solutions account for a client (which has been nothing but a PITA so far, but that's another story...) When I spoke with the rep he said they recommend getting an SSL for the site because wordpress is prone to getting hacked.

I've had WP installs for a number of other clients with another host and never heard of this before. What do you all think? Are they just upselling or is there something to this?

[wige]

I"m going to go with, yes, SSL is probably just an upsell. The attacks on Wordpress that are so well known at this point have tended to be attacks against the Wordpress framework. These vulnerabilities exist regardless of whether or not Wordpress is accessed over HTTP or HTTPS. The only possible reason for using HTTPS would be if the host will be creating a seperate install, away from the rest of your files. This would effectively quarantine your Wordpress install so that if it is compromised attackers would not be able to attack the rest of your site as easily.

It should be noted, however, that you may take a hit when it comes to SEO since Google does not like crawling encrypted content, and as a result your content may not be indexed as frequently if your Wordpress blog is only accessible over HTTPS. You may be able to accomplish a similar quarantine effect by putting the blog on a subdomain, without the encryption issues.

[jannmirch]

Thanks for the great summary. Especially with the SEO issue, which is a real concern for us at this point, I think I'll pass - even with their "promotional special".

[morestar]

Plus, remember, as you most likely well know, that for wordpress there are a few security plugins you could install that really help fight against spam and hacking issues.

The wordpress security scan plugin just for starters...

[claybutler]

I agree. Just an up sell. That's one of the problems with a company like Network Solutions. Their business model is based upon nickle and dimeing unsophisticated customers. I don't mean"unsophisticated" in a derogatory way, just that it's an uneven relationship when you just have to take someones' advice at face value...like when I go to the dentist and he tells me I have a cavity. Everything on Network Solutions' menu of add-ons is over priced. I like to get my clients away from them as quickly as possible because of all the hassles I've had dealing with them over the last seven years.

If you're looking for a change I recommend Web hosting provider - Bluehost.com - domain hosting - PHP Hosting - cheap web hosting - Frontpage Hosting E-Commerce Web Hosting Bluehost. I'm not an affiliate. Just a happy customer who hosts over 25 domains with them and have used and tested their tech support extensively. They know their stuff.

When you set up your WP blog the first three things to install are the Akismet, All In One SEO, and WP Backup plugins. Akismet will keep you nearly spam free, All In One SEO gives you total control over a post's SEO, and WP Backup can send weekly database backups straight to your email.

Happy blogging.

[compusolver]

Upsell! Ditch Network Solutions for GoDaddy. If you don't need handholding, HostGator.com has great *nix hosting.

[claybutler]

I'd put Godaddy in the same boat as Network Solutions. I move my clients away from them as well. Trying toget anything done with them is a chore or even impossible. They put some really weird restrictions on their hosting that someone like HostGator or Bluehost would never do.

Fine for domain registration but I would never host with GoDaddy.

[rackaid]

Jannmirch
This borders on just plain mis-information. Wordpress is predominately suspect to a class of attacks known as XSS or cross-site scripting attacks. (Cross-site scripting - Wikipedia, the free encyclopedia).

These attacks can be conducted through a site with SSL just as easily as a site without SSL.

The SSL cert simply encrypts data between your browser and the server. It does nothing to the data that is actually sent.

So if you can exploit wordpress remotely via HTTP you can also exploit it through HTTPS.

[fiddler]

I agree with moving your client away from Network Solutions. They are overpriced on everything, especially the domain names.

I use GoDaddy only as a registrar, and favor HostGator for hosting. I use to also use Enom for domain name purchasing, but they recently joined forces with BulkRegister, and I didn't like the prices BulkRegister were enforcing (gotta PAY to "belong"!). I don't mind paying for a discount/premium membership, but to have to pay for a membership, period, is ridiculous. So I've moved all my domains now to GoDaddy.

The Cpanel you get with HostGator hosting has been such a plus I can't imagine hosting a website without it now.

[jannmirch]

Thanks for all the info. After two days of nothing but aggravation I'm recommending the client switch hosts anyway. And Clay, I agree about GoDaddy. I have a couple of clients who use them and it's torture to deal with them.

If you can believe it it took them the better part of 24 hours to DELETE FILES! The BS the guy gave me on the phone was they had to change permissions and it would take a couple of hours to get through the queue.

I've used HostGator for years and have most of my clients use them too. And even though they say they don't support wordpress, anytime I've had issues with a WP database they've always been able to walk me through it.

Anyway, enough of my rant. Thanks for all your feedback and info.