Hacking Hazards of DIY Templates
The most common Do-It-Yourself (DIY) template-based platforms are WordPress, Joomla! and Drupal, among many others. Due to the rise in popularity of DIY template “shortcuts”, millions of people around the globe use them, and most every website built on one of these platforms has serious security risks. Additionally, a variety of coding errors and design glitches cannot be resolved because of fundamental flaws of the template builder systems themselves, which is very enticing to hackers who have a heyday on the number of back doors and loopholes that are vulnerable targets to malicious hacks and security breaches.
One of the biggest selling points of DIY templates are plugins, which add additional functionality to your website such as sidebars or e-commerce functionality. However, plugs-ins are one of the biggest risks. Currently there are 38,655 plugins available. Even with an added security plugin, there are so many plugins and software updates happening simultaneously that your website quickly becomes outdated as plugins and software become incompatible, which puts your site at risk. Outdated software is one of the top reasons websites get hacked.
As stated in the Sucuri™ Website Hacked Trend Report, "Out of the 11,000+ infected websites analyzed, 75% of them were on the WordPress platform and over 50% of those websites were out of date. Compare that to other similar platforms that placed less emphasis on backwards compatibility, the percentage of outdated software was above 80%."
Other sources say that 41% get hacked through vulnerabilities in their hosting platform, 29% by means of an insecure template theme, 22% via vulnerable plugins, and 8% because of weak passwords.
The other risk lies in the open source nature of DIY platforms. Since the system publicizes changes and security measures made with each release, it’s easily available to hackers.
If this doesn’t scare you enough to steer away from DIY websites, make sure you read Stratomatic's article, "Why Custom-Coded Websites Outperform Every Time".
Are custom websites vulnerable to hackers?
NO website, including custom websites are immune from hacking, though custom websites have much fewer back doors and opportunities for hackers to wriggle through. Custom websites don’t need third-party plugins - the functionality is coded directly into the website. Additionally, there are no software updates to contend with.
Here are the top reasons why websites I design are more secure, and I'm probably speaking on behalf of many other talented web developers who hand-code websites using HTML5:
- HTML5 doesn’t require Flash Player for videos or animations. The Flash Player extension has suffered from numerous, serious security flaws and I don't ever use it.
- Writing clean code passes security inspections performed by hosting companies, qualifying your website for a SSL certificate which in turn changes your website from a http (unsecured) to an https (secured) site protected from cybercriminals, which in turn protects visitors to your website from being infected with dangerous malware like Trojans and Cryptoware.
- No hackable keywords are used since Google and any major search engine no longer pay attention to the Keyword tag because it led to a lot of people spamming the meta tag area. Instead the TITLE and DESCRIPTION meta tags are used which the search engines now focus on in determining a web page’s authority, along with the content of the web page.