Millions of Wordpress Sites Hacked, Again

On the 10th February, the BBC reported that “a security flaw in the WordPress blogging software has let hackers attack and deface tens of thousands of sites”. They estimated 1.5 million pages had been compromised but the number is likely to be much higher than that as a few simple Google searches of the hacker tag(s) reveals millions of domains have been affected.

We’re often asked why we don’t choose to use WordPress and this latest article only serves to reinforce our reasons.

In our opinion, Wordpress is a CMS that “got out of hand”. It’s used as a bespoke web development “framework” because there are so many Wordpress plugins and developers out there that can build a site using various third party plugins. The main concern everyone has with Wordpress (even those clients that specifically want us to use Wordpress) is it’s security vulnerabilities.

It has a similar set of problems to Windows because it has such a large market share. The plugins and even some of the core are generally written by novice self-taught programmers and therefore don’t adhere to PSR-2 and PSR-4 (PHP Framework Interoperability Group) standards. Standards such as these make reading core code and team collaboration so much easier, and in turn less costly in the future.

To add to the inconvenience of an attack, Google is now actively de-indexing any hacked pages, meaning if you are hacked your site could be pushed severely down the search rankings. Even if you manage to rectify the damage, it can take Google up to two weeks to reinstate your hacked page.

With your website acting as the shop window for your business, can you really afford to risk an attack?

There are many alternatives to WordPress available. Contact us to find out more.


At the time we had used Concrete5 version 6 to build a handful of sites that turned out to be really flexible and intuitive for our clients to use, leading to satisfied clients and therefore more business. We enjoyed working with Concrete5 as developers and continued to recommend the tool for content-heavy sites moving forward. We made the switch to Concrete5 version 7 approximately 18 months ago and have used it to build many successful websites, some including e-commerce and some multilingual.

Rawnet became a certified Concrete5.7 partner last year and the new version added many improved features, including an enhanced user interface and coding standards that make it nicer to work with.

What the developers at Rawnet like about Concrete5 is that it isn’t just a CMS, it’s an extendable Framework that can be used to build any kind of web application; with code patterns and methodologies used by Symfony2 and Laravel - two of the most robust and popular PHP frameworks available. WordPress however, is a function-based amalgamation of several years of non-standard, badly written code that is cumbersome to extend.

While it’s true that WordPress has a massive following and community, this is largely down to it being one of the first blogging platforms around; in comparison, Concrete5.7 is relatively new to the scene, but its community is growing at a steeper pace.

Some of the main features of Concrete5.7 that our clients love are; In-context WYSIWYG editing, Lego-style page building, user permissions and workflows and an intuitive admin interface. All of these features come with Concrete5.7 as standard; if you wanted to emulate the same functionality with WordPress you would need to install several third-party plugins that would most likely be incompatible with each other and would need upgrading on a regular basis.

Learn more about Concrete5.