Hacked sites: why I now use ManageWP
A little while ago I had one of my sites hacked. The amount of time, and therefore money, as well as blood, sweat and tears that went into fixing the site was unbelievable.
A few months after that, another one of my sites got hacked. With this one I at least knew the cause of the hack: outdated, well, everything! It looked like there wasn’t a plugin that didn’t need an update, the theme and WP itself certainly needed one!
That particular site was one I created a while back with good intentions of turning it into the next big thing. As happens, other work, life, and other projects took precedence and this tiny little WP site got promptly ignored for a long time. Because of this, nothing got updated.
At least fixing the hack on this one was simple: I deleted the site!
Not long after that, yet another of my sites got hacked. Once more this was a site of good intentions that never happened, though it had more content on it meaning that my delete the site trick wouldn’t work so more time and energy got devoted to that.
A saviour?
It was about this time that I decided enough was enough. I couldn’t keep track of the numerous sites I have and keep them up to date, especially with the frequency of WordPress and plugin and theme updates.
I had used ManageWP a while back, when I had much fewer sites and while it was good, it was still in its infancy. I knew that something like ManageWP would be needed in order to track everything and make sure updates happen in a timely manner.
I decided to have a look at a few of the different services available that handle managing multiple WordPress installations, the key players being: InfiniteWP, CMS Commander and ManageWP.
InfiniteWP
This product has a few advantages off the bat, well one in particular: it’s free! You can’t beat free that’s for sure.
The downside came with the program installation. It looked overly fiddly and complicated for me, someone used to this sort of thing, let alone someone who struggles with WordPress itself.
You need to download, install it on your server directly, set up cron jobs. That being said, once it’s done, it’s done, and adding sites to monitor to it is as easy as adding a plugin.
I suppose you could argue that for free, it having a bit of complicated set up isn’t a bad thing.
It certainly has a large and dedicated following, so perhaps one day I will give this one the attention it deserves.
CMS Commander
Like ManageWP, I tried CMS Commander when it first came out and it was OK, but it was also fairly new so rough around the edges.
The great thing about CMS Commander is that it is fully based in WordPress, even the site you log into to manage everything is a WP site. You gotta love that.
In a lot of ways I find CMS Commanders user experience to be better than ManageWP’s – it’s comfortable, and easily understood because of being built on WordPress. It makes finding things and updating things just that much easier.
The service still has a focus on auto blogging, with the ability to generate content from a wide range of sources. Some people might get a kick out of that, but I see it as unnecessary when all I want to do is manage my websites.
ManageWP
By now you probably have realised that I settled on ManageWP. I liked how easy it was to get going: log into my site, install a plugin, add the site to the ManageWP dashboard and away it goes.
You can even install the plugin from the ManageWP dashboard if you like.
The pricing is pretty good, though CMS Commander may have a slight edge as it keeps it simple: all features, just pay by site amount. Whereas ManageWP has a slightly more complex pricing system, it does mean if you don’t need all the features you don’t have to pay for them.
Unlike CMS Commander, ManageWP gives you a freebie in that subdomains (test.yoursite.com) don’t count towards your maximum site quota, meaning you don’t pay for them. This is great if you have a few sites with multiple subdomains like I do.
These aren’t perfect
While services like these are useful, they aren’t perfect, especially if a premium plugin or theme doesn’t follow WordPress standards. For instance, I use the normally excellent Themify themes. The problem here is that they require you to visit the options page, click a link and login in order to update. ManageWP and its ilk cannot handle this complexity.
This is more of a Themify issue than any website managing system, but its the perfect example of why you cannot fully rely on services like ManageWP. You must still make sure to audit your sites regularly.
Another example of why 100% reliance on this type of service isn’t advisable:
I recently went to check a site to see how the traffic was doing and discovered that there was an upswing in traffic (always nice!). However the traffic was weird. 100% of them landed on the front page and that’s as far as they went.
Checking the site showed the problem, the caching plugin had gone haywire so there was no CSS formatting the site: it was just about usable but to an average visitor, it was broken.
You can see then that while services like ManageWP are invaluable to anyone with multiple sites to maintain, you should plan to manually audit the sites on a regular basis, just to make sure that nothing has gone wrong that ManageWP can’t detect. You can even do this direct from the ManageWP dashboard.
The bottom line
If you have multiple WordPress websites, then I would strongly recommend getting access to a system to manage them.
All 3 of the systems listed have pros and cons, and while I would recommend ManageWP, all that really matters is that you have something to keep your sites up to date and therefore that little bit more secure.
Since re-opening my ManageWP account and actively using it to maintain my sites I have, touch wood, not had any other incidents.
Of course, even making sure your sites are up to date doesn’t fully rule out being hacked, but it sure as hell reduces the possibility!