Not that long ago, I posted on this subject in my blog post "Hosting providers - Isn't it time?" It was nice to see in the comments that some providers actually took the free advice on board and took steps to better secure their servers.
However, by and large, it seems that far too many hosting providers still do not care about security. This is not the place to name and shame them, but I'm talking about huge hosting providers still running outdated installs of PHP 4, for example.
Further, one of the most common responses hosting companies give to users when their site is hacked is "It's Joomla's fault". How illogical is this, for example, when the user is running Joomla 1.5.0 (an out-of-date version that was patched long ago)? If you are a host and one of your clients' sites is hacked, think before you lay blame. Why do so many of you automatically blame Joomla and not the client who never kept their site updated?
If you want to make a difference, educate yourself with an hour or so of your time and find out how simple it is to keep up to date. Don't you want smarter users who run more secure websites and thus reduce the support time you spend cleaning up phishing scams, spam mailers and hacked websites?
Maybe publish our security feed somewhere on your site. Do you know the link? http://feeds.joomla.org/JoomlaSecurityNews Subscription via email is also available from that page.
So join me as we sing together:
- "php4 is no more, we don't run it at all!"
- "suphp is for me, especially when I want security!"
- "backups are my friend, we take them even on the weekend!"
- "we keep our software up to date, vulnerabilities are what we hate!"
Finally, you don't have to listen to me; after all, what would I know, you may say. However, next time a user posts about their site being compromised due to a poor hosting configuration, you might lose a customer when someone points out that the blame may in fact lie with you, their host, and not with Joomla at all.