PSA WPEngine hacked

Have all my WP sites and have been hosting with them since they started - the irony is they pride themselves on security.

I have to say though they handled it very well, immediately got an email notice, they locked out/changed all main WPEngine control panel passwords, but I had to manually change about 30 different passwords between SFTP, DB, wp-admin users for each install. The whole process took about 25 min... Shit happens, like 3 days after the hack when I accidentally deleted an install, and they were able to restore it within 5 min of calling their support.
 
Annoying though it may be, I was glad that this served as sort of an impetus for me to do what I've been saying I was going to do forever. Namely, using a random password generator, and creating ridiculous, unique passwords for every single login I have whether for WP admin, FTP, SSH, etc.

The LastPass generator makes it quick and easy: https://lastpass.com/generatepassword.php

I'd recommend enabling pretty much every feature, setting it to 50-64 characters, and always saving ALL your passwords somewhere secure, preferably something encrypted.
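As an added example (not part of the original post, and not LastPass's code), this is one way to do the same thing locally: one unique 50-64 character password per login, drawn from the OS CSPRNG, for every SFTP, DB and wp-admin credential on each install. The install names, the symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes, mirroring "enable pretty much every feature" in a generator.
# The symbol set is an assumption; trim it if a service rejects some characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@^_")
ALPHABET = "".join(CLASSES)


def generate_password(length=64):
    """Return a CSPRNG password of `length` chars containing every class."""
    if not 50 <= length <= 64:
        raise ValueError("length outside the 50-64 range suggested above")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Resample instead of patching characters in, so the result stays
        # uniform over all strings that satisfy the class requirement.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=64):
    """Upper bound on entropy for a uniform draw from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def rotate_all(installs, services=("sftp", "db", "wp-admin"), length=64):
    """Build one unique password per (install, service) login."""
    issued, seen = {}, set()
    for install in installs:
        for service in services:
            pw = generate_password(length)
            while pw in seen:  # practically impossible, but enforce uniqueness
                pw = generate_password(length)
            seen.add(pw)
            issued[(install, service)] = pw
    return issued


if __name__ == "__main__":
    # Constructed install names; print only metadata, never the secrets.
    creds = rotate_all(["install-a", "install-b"])
    for (install, service), pw in creds.items():
        print(f"{install:10} {service:9} len={len(pw)}")
    print(f"~{entropy_bits():.0f} bits per password")
```

The returned mapping should go straight into an encrypted password manager rather than a file or terminal scrollback.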
 
What's the deal with WPEngine? I've heard a ton of negative press about them recently. Are they still solid or not?
 
I haven't really had any issue with them, with the few sites I have hosted there. They did recently have some major security issues, but were quick to resolve them.

A few random insights I've had, in the ~2 years I've had a few relatively small sites hosted with them. First, they are very performance optimized and incredibly fast. For a browser-cached page load of one small site, I've seen response times as fast as 19ms for just the HTML, and 200-300ms overall page load, sometimes hitting 180ms or faster.

Site management is very streamlined. You have FTP access if you need it, plus a WPEngine section of your WP admin dashboard, which can easily be used to manage a staging site, CDN, cache, etc.

They aren't cheap, but they are relatively painless and streamlined, which is great for a site that you just don't want to be bothered to manage much, and especially if you don't want to have to worry about server-side management, security, etc. I usually recommend them to a lot of small businesses, as $30 is cheap insurance for them to not have to worry about the site, and not being able to afford to keep someone on retainer as a "webmaster".

In hindsight, I do have some regrets in letting myself get lazy for those few sites, as opposed to simply setting up another Linux server elsewhere, like DigitalOcean, Linode, or wherever. It gets tedious having to set up everything from scratch, then lock it down.

If your site is going to be one that stands to see a lot of potential traffic in the future, it will be VERY expensive going with them. You'd end up paying what it would cost to have your own dedicated server... Even then, you still would not have total control of your own site, and would be subject to things such as the inevitable WP upgrades, whether you want them or not... Things to consider.
 