So over the weekend I got an email from my dad; in it was the login and username for the cPanel of my grandfather’s website. So I decided to log in and install WordPress because he only had a simple HTML site. I thought, man, I could install a free or premium theme and really get his site going. 2 minutes later, before I had even had a chance to make a copy of the content, I accidentally DELETED EVERYTHING! I was FO-REAKING out at this point. I just deleted my grandfather’s website and I had no idea if the hosting company had a backup.
I’d like to share the email exchange between me and my gramps’ hosting company (BigRed web services) that followed. Keep in mind they had no idea who I was, I only had access to a basic cPanel, and I did not have access to their support channel, so when they got my emails crying for help with the subject line ‘I just deleted my grampses website by accident, please help’ they must have been thinking: what the hell? Who is this hacker wannabe? Little did they know I was dead serious and I was no hacker; I was crying like a little schoolboy who had just crashed his grandad’s old, bright red sports car.
The conclusion to my story ‘A Tale of Two Web Developers’ basically sees me making a kick-ass WordPress website in the same time it takes a small web host to restore an old HTML-only website, giving my gramps a serious competitive edge in his line of work, because his website is now responsive and he can maintain it himself, cutting down on costs and returning high value to my gramps.
Before you read the email exchange below, a little background info on my gramps. My Grandfather is an amazing businessman and entrepreneur. He has owned two bakeries and a computer repair shop, both of which he sold and retired from well over 15 years ago.
During that time he helped the baking industry innovate with new hardware for the bakehouse (machines to make bread) and new software for cost and productivity purposes (programs to help make money). No other bakery was doing this, especially not in the small little Australian town not far from Glenrowan, VIC (ever heard of that?), and they probably thought he was wasting his time. Boy, they knew they were wrong when they saw his success, but damn, they must know they are so wrong now that they are probably getting their grandchildren to kick them. Updating is the way of the future: innovate or die.
Anyway, here is my miserable website experience that ends with a triumphant WordPress comeback.
A Tale of Two Web Developers
On 8/06/2014 2:09 PM, Julian F wrote:
My name is Julian and I logged into my grandfather’s (John’s) website control panel to have a look and see if I could install WordPress. I was browsing the file manager within the cPanel, and I had also created a new FTP user called julian.
I think maybe when I created a new FTP user, this for some reason deleted all the files that were already there. This is kind of a big problem. I have used cPanel before, and I know how to create FTP users, and I cannot see why anything I have done would have caused ALL the files to be deleted.
Can you please check the logs and tell me what went wrong? There is only 1 folder left, and that is the folder I gave to the FTP user. I don’t see why this action would delete all the files on my server without at least first warning me??!?!?
Any help would be greatly appreciated.
From Julian Fox
And then moments later I realised my mistake:
I just realised how I deleted these files.
When I created a new FTP user I was trying to create an FTP user so I could log in using FileZilla, except whenever I logged in I couldn’t see any files with FileZilla, only with the cPanel File Manager. So I thought I had to create my FTP user and give it a home directory, but this didn’t work either, so I deleted that FTP user without realising that when I did delete it, it was going to delete everything inside that folder as well, because I selected delete files.
If there is any way you can restore the files that would be so amazing; otherwise, I suppose website.com.au is no more and will need to be rebuilt.
Man I really hate myself right now. It’s funny because for years I have said to my grandfather, you know I could touch up your website a bit if you like, and he has said yeh ok maybe when we get around to it, and other times he has said nah I don’t want to mess anything up, and so on… and now bam, it took 2 minutes to just destroy everything. Ahhhh well. That’s life I guess.
Hopefully the Wizards that are BigRed web services can solve this F$%&K up of mine.
If I never hear from you again, so long!
From Julian Fox
And then I got a response from their support channel:
Date: Sun, 8 Jun 2014 21:07:14 +1000
Subject: Re: website.com.au a BigRed site all files deleted please help
After many hours of work we have managed to recover a backup of your site which we will reload as soon as we can.
I advise that it is not necessary to create a separate user account for FTP – the main account is the one to use. Separate user accounts will have permissions only to access their own area.
I would also urge you not to install WordPress. The hosting package that this site is on is not designed to support WordPress, plus doing so will disable the co-hosted domain of johnsotherwebsite.com.au and prevent it from working. More importantly though, WordPress is the most hacked web software in the world, and unless you are extremely knowledgeable in how to secure it, you can be the site will be hacked quickly and often.
We will notify you as soon as the site is restored, which will include the whole newsletter system which we have painstakingly developed over recent weeks.
BigRed web services
I felt I should offer a full explanation so I wrote back saying:
On 8/06/2014 10:01 PM, Julian F wrote:
Thanks a lot for fixing all of that.
I will include John in on this email so he is up to date with what’s going on.
Thank you for restoring the entire website to its original state.
I have experience with WordPress at adifferentwebsite.com.au and a few other sites. I have taken security measures to prevent various types of attacks and our hosting company has security measures in place; so far we haven’t had any problems despite some attempts to hack it.
I am not as experienced as you so I don’t know how common a website hack attempt is, but so far we have had no problems and I frequently study and visit the WordPress forums to keep up to date on this stuff.
I had installed and set up an entire WordPress website before I received this email, so unfortunately I already did set up a WordPress website and I can see now johnsotherwebsite.com.au is not working anymore.
The hosts that I use have some pretty simple settings to configure all of this to work properly, even with WordPress, since WordPress is actually very very common and is fairly popular (which is probably why there is a high statistic rate of it being hacked, because it is used a lot so therefore it would be hacked a lot. The same reason there are more car crashes than motorcycle accidents, even though motorcycles are more dangerous.)
Anyway, I know Gramps (John) wants a blog set up on his website. I know from experience that WordPress is excellent at this, and it comes with free MailChimp plugins that make running a newsletter very easy and quick to set up and customise.
John is your client and you guys have a relationship established already so I will leave things up to you. I am sorry that I wrecked all of your hard work on the newsletter system. I hope this was something you had developed before and not a custom job of which the only copy resided on website.com.au; I am truly sorry if this is the case.
Anyway, if you choose to use WordPress as the website and the blog content management system I will be happy to assist John whenever he needs it. However, as you say, his hosting plan is not technically meant for WordPress (though WordPress seems to be running fine), so if you choose to use WordPress and the MailChimp plugin I set up, by all means go ahead, but it’s totally up to you what you do.
I noticed someone had set up b2 blogging. I hear good things about that software around the WordPress community so there’s no real reason to use WordPress over B2, but I prefer WordPress because it seems to be able to do everything and do it well. Plus it has a fair amount of security resources.
You can check out the WordPress website at http://www.website.com.au/wp/
The original website can be found at http://www.website.com.au/index.htm
From Julian Fox
And then I got a very interesting response; don’t forget this is a “Web Services” company:
Date: Mon, 9 Jun 2014 15:05:30 +1000
Subject: Re: website.com.au a BigRed site all files deleted please help
WordPress sites make up less than 1% of all sites around the world, but in a study conducted by Trustwave over the past year, they accounted for 86% of all hacked websites around the world. That is simply a fact. WordPress is inherently insecure because (a) it is open source software, meaning the hacking community has many opportunities to find weaknesses in it, and (b) most of the themes and plugins available for it are inherently insecure and use poor coding that allows inappropriate access. Think of it like a house – you can install all the security features in the world, but thieves can still gain entry if the front door is left open. That’s what happens with WordPress – hackers only have to Google a particular URL string used by sites with vulnerable plug ins, and they can go straight in, regardless of what other security measures may be in place.
If you use a vulnerable plugin or theme, or a weakness is found in one you use, then you WILL be hacked, no matter how you try to prevent it.
Regarding blogging, I have been in touch with other staff who have been working with John, and although he did request a “blog” function, on questioning what he actually wanted was an eNewsletter system. We have created one based on his exact requirements and it is now basically ready to use (we have now reinstalled it for him and tested it again).
Finally, you are not an authorised contact for John’s account, so you are unable to contact either Support or Accounts. Nor are we able to operate on any requests or instructions you give us, unless and until John authorises you as a contact.
This is why we have been able to restore the deleted files, but can make no other changes without authority from John himself.
Your site is not at its limit, and email appears to be working fine.
BigRed web services
And I just couldn’t resist. I decided to put all the last 5 months of research and YouTubing and blog reading to good use for the sake of my Grandfather. I was determined to show these guys they could do much better for my Grandfather, using WordPress.
Hi Mr Red,
I felt it was necessary to defend WordPress as I believe your statistics are out of date, or at least the statistics I have been able to find say otherwise, however it may come down to personal preference. Also, I use WordPress and I make a living from it so I feel it is my duty to point out or at least shed light on where you could be wrong about WordPress and its ability to provide a secure and cost effective environment for running a website.
WordPress being Open Source does mean the hacking community has many opportunities to find weaknesses in it, but there are hundreds of millions of dollars’ worth of investment into the company that bases the majority of its revenue on WordPress, so this fact is not my main concern and I don’t think it should be website.com.au’s either. Check out this article – This round of funding will value the company behind WordPress.com at north of $1 billion. WordPress is maintained and developed full-time by a company called Automattic.
I want to address 3 items:
- How many WordPress websites are there compared to the total number of websites worldwide?
- Security. Modern website. Easy to use. Which one is more important?
- Is there a difference between commercially reputable, recommended plugins/themes and poorly rated and un-checked plugins/themes?
How many WordPress websites are there compared to the total number of websites worldwide
The total number of websites right now, according to various sources online is: 973 million and fast approaching 1 billion. The total number of WordPress websites is: 218 million. WordPress makes up 22% of the total number of websites on the internet. – w3techs – web technology surveys. This information is reported by multiple sources.
22% is higher than 1%; however, 22% is not really all that high. But when you consider the sheer amount of websites online, there are so many random websites that are put up in 2 seconds with hardly any effort put in, and so many sites dedicated to unpleasant purposes and spam advertising, that if you were to ask yourself how many ‘Good’ websites use WordPress, I think you would find the percentage is much higher, say around 60%.
Security. Modern website. Easy to use. Which one is more important?
This actually comes down to personal preference and one’s own specific requirements. Security is generally a word people pay attention to no matter what the context is: websites, houses, life. In my opinion security is NOT the top priority of website.com.au because it does not contain any sensitive information, and the downloadable executable files hosted on the site could probably be stored on Dropbox or some other free external service that is highly secure in comparison.
I think for website.com.au and John, a modern-looking website that automatically resizes the text and pictures so it always looks good on all screen sizes, phones, tablets and PCs, is the number 1 priority. Ease of use is priority number 2. John might like to make some changes to his website himself, maybe not, but I know for sure that he would like his son Steven or Patrick to make changes to the website from time to time. Priority number 3 is security; it is the lowest priority because website does not store any customer data, nor does it need to transmit any sensitive information or data, therefore if it was hacked there is no risk of compromising anything.
It is very easy to implement a recurring automatic backup procedure that will ensure that, in the case of website being hacked and destroyed, it could be restored from a remote storage such as Google Drive or Dropbox, similar to what you did except this would be easily managed with a point and click interface, by Steven or Patrick. WordPress makes this really easy, so even if WordPress is completely destroyed by a hacker, the hacker won’t get into my Google Drive or Dropbox. As I said, there is no security risk here.
I would also like to mention I found this study on trustwave.com that says:
“While patches were made available when TimThumb was discovered three years ago, many WordPress sites still remain vulnerable due to poor patching or the vulnerability’s inclusion in many third-party plug-ins.”
TimThumb refers to a WordPress exploit that was patched years ago. The article also mentions that Trustwave have identified an increase in brute force attacks aimed at WordPress logins; it goes on to say that many WordPress websites are compromised due to a lack of security measures, such as changing default admin usernames and passwords.
Nowhere in this report does it mention the statistic that you said, that WordPress accounts for 86% of all hacked websites. Perhaps it was in a different report?
Is there a difference between commercially reputable, recommended plugins and poorly rated and un-checked plugins
There is a big difference between using a commercially reputable, recommended plugin and a plugin that is never updated, poorly coded and has not been checked by WordPress. There is no point in getting highly technical about all this because no matter what software we are talking about, neither John nor myself will understand the technical details that prove one way or the other about its viability as a secure and commercially fit WordPress plugin or software application of any kind.
Generally WordPress is like anything else: so long as you pick from recommended suppliers and make sure they have warranty or continuous development and support, plugins will tend to be as secure as WordPress itself. And WordPress is as secure as your supplier (hosting company) and yourself are willing to make it.
I would like to conclude by saying WordPress is by no means the only option. If a customer requires something highly unique with specific functionality that doesn’t exist anywhere else then perhaps hiring a developer to make a website from scratch is the way to go. As a business-focused person I am all about being cost effective and returning value to my clients. I believe the faster I can work and the cheaper my product or service is, the more money I can make, because if I do a good high quality job there should be no short supply of website clients considering the exponential rate of domain names coming online every day.
WordPress means I can teach my clients to use their own website, publish a blog, maintain a newsletter, create web pages and secure their own website as well as back it up to their own Google Drive or Dropbox. Using WordPress, plugins and themes makes all of this possible; it means it is much more cost effective for my customers. A lot of it hinges on how easy it all is to use. Sure, customers will need help as with anything else, but what customers had to pay a developer to do for them years ago, they can now do themselves with WordPress, or find a free service to accomplish the same task (with premium and affiliate rates/options). It is up to us to adopt a new business model and a new way of using the money customers give us. We can’t hold customers back; that’s not fair to them, or what they pay us for (even if they can’t articulate it).
I believe in educating and enlightening my customers, they resist it to the bitter end, but when that light bulb comes on they love you for it.
From Julian Fox
I only just sent the email earlier today. I haven’t received a response yet, but if it is an interesting one I will certainly share it.
Feel free to comment on anything that was mentioned in this email exchange.