The Perils of Using WordPress As a Hotel Website Content Management System (CMS) - By Max Starkov and Jaan Paljasma
Here at HeBS Digital we have been asked on numerous occasions about the viability of WordPress as a hotel website Content Management System (CMS). We have been involved in website development and CMS systems for over 15 years now, and our categorical answer is that the WordPress technology is ill-fitted to power hotel websites content management systems and is only adequate as a blogging technology.
According to Wikipedia, WordPress is a free and open-source blogging tool based on PHP and MySQL. WordPress is currently the most popular blogging system in use on the Internet. Our own blog is powered by WordPress, which, in addition to Tumblr, is the blogging technology of choice for many travel-related blogs.
Why is WordPress ill-prepared to handle the website CMS functionality of any e-commerce website, including hotel websites?
In our view, WordPress’ blogging platform has been exclusively designed to host blogs with an active comments system and a myriad of plug-ins available to modify the function of the blog. While plug-ins exist to transform WordPress into a blog-type product that resembles a CMS, there are thousands upon thousands of viruses and spam bots created simply to scan the Internet for vulnerable WordPress-related “entry points” and weak spots. For every security plug-in installed to secure your WordPress-powered website CMS, ten more malicious viruses are created.
Once your site’s security is breached, your website becomes a spam- and virus- spewing entity, which will prompt Google to quickly shut down your WordPress-powered website, resulting in a monumental loss of revenue. This is exactly what happened recently to a client of ours with a website inherited from a previous vendor.
In the recent illuminating article “Careless Webmasters as WordPress Hosting Provides for Spammers” the author describes how easy it is to hack a WordPress-powered website and how cyber criminals create large, spammy sites in subdirectories of hacked legitimate sites and generate millions of doorway pages on thousands of established websites with good reputation and SEO rankings with a singular goal in mind: to divert users to the hackers’ own e-commerce sites, quite often selling counterfeit luxury goods.
Another example is the use of WordPress-powered websites to launch massive distributed denial of service attacks (DDoS). Broadly, a DDoS attack is an attempt to make a network resource unavailable to its intended users in an attempt to disrupt service. Earlier today, we discovered yet another example of how malicious hackers used a WordPress-powered hotel website as a “work horse” for their distributed denial of service attack (DDoS), in this case against Google itself!
The following line of code was injected into a WordPress template:
Any visitor to the WordPress-powered hotel website with the above code triggers a distributed denial of service attack (DDoS) against Google:
- 2016 Checklist to Maximize Engagement and Revenues from Social Media - By Victoria Hsia
- The Perils of Using an Open-Source Content Management System (CMS) to Power the Hotel Website - By Mariana Safer and Max Starkov
- 2016 Checklist to Maximize Revenues from Your SEM Campaigns - By Carmine Fischetti & Sara OBrien
- Red Lion Hotels Hello Rewards Technology Platform Wins Gold Loyalty360 Award
- 2016 Checklist to Maximize Revenues from Multi-Channel Campaigns - By Margaret Mastrogiacomo
- Despite Higher Risks, Greater Percentage of Employees Are Holiday Shopping at Work
- South Floridas Hospitality Real Estate Continues to Climb: Hotel Values Are Stronger Than Ever - By John P. Lancet
- HVS Report - The Budget Hotel Sector's Position in the Sharing Economy - By Harry AB Douglass (PDF Dowlnoad)
- Baker & McKenzie's Views on What is the Risk/reward Relationship Between an Owner and a Manager? - By Graeme Dickson and Kerrie Duong
- U.S. Hotel Industry Projected to Experience Continued Y-O-Y Performance Increases Through 2016