Hosting is No Longer Enough for Serious Law Firms

BY Jason Bland

website wireframe sketch and programming code on digital tablet
website wireframe sketch and programming code on digital tablet


Your website may be in danger

Since the inception of the internet, web hosting has been the backbone of the free-to-publish web. Conceptually, web hosting is simple.

A web host is simply a server that allows the public to access files; it is not so different from your office’s local network.

Over the decades, server requirements have expanded and now store more than just plain text and html files. Today, those files are content management systems (CMS), applications and a slew of programs that the modern business community can’t function without. Websites and online environments have become more powerful than ever, but the old hosting model hasn’t kept up.

If you are only paying for hosting and running a content management system, your website is not safe.

The normal model of grouping a lot of websites together on a server (shared hosting) and paying a company $10 to $20/month to make sure the lights stay on has no place in any business, especially a law firm. Even as cloud computing becomes the standard, there are still millions of non-tech savvy business owners trusting their uptime and security to ill-equipped companies.

Why CMS Hosting is Different
Any law firm succeeding online needs to be expanding and improving its website regularly. The best way to simplify this process is by using a CMS, like WordPress. With WordPress, content is stored in a central database that is accessible by users who have various sets of privileges. A law firm can hire a blogger and only give him or her access to blog post and page management while protecting the code and administrative tools. In this sense, WordPress offers more security.

WordPress is also expandable, with thousands of plugins, many of which are free. Chances are, if your site needs a feature, you can find a plugin to make it happen. But here is where your hosting company will let you down.

Hosting companies look at services running on the server. If your http (most web connections), POP/SMTP (mail), FTP (manual file transfers) or mySQL/Postgre (databases) function incorrectly, the host will detect the problem and fix it. If a WordPress plugin needs to be updated, the host is clueless. Even worse, if your WordPress theme or a plugin has a vulnerability and malicious code is injected into your site, your web host is unlikely to discover it.

If your hosting company does discover malicious code, the standard practice is to disable the infected script: your website. Now your website is infected and offline, and your hosting provider will tell you, “we don’t support third party software.”

Monitors and Mechanics
Popular CMS options like WordPress, Drupal and Joomla have all experienced security vulnerabilities. As open source applications, most of these vulnerabilities are discovered by volunteer coders and fixed (requiring an upgrade). Since version 3.7, WordPress does automatic updates for major releases, which has helped prevent widespread vulnerabilities from being exploited. But plugins are different, and a WordPress core upgrade can cause conflicts between the three components that make up your website: WordPress Core, Third Party Plugins and your Theme.

Scary as this may sound, you are still better off with a CMS than static html pages. You just need proactive monitoring and someone who can step in if something goes wrong.

The free WordFence plugin will help monitor your code, offer protection from brute force attacks and password guessers, and notify you if it detects changes in code (which could be an indicator that a hacker has injected malicious code into your site). IThemes Security is another alternative that offers similar protections. Premium versions of WordFence and iThemes Security are also available.

Even if all the right tools are running, the best solution is to trade in your hosting company for full site management. These services are $100 to $500/month and include server monitoring, WordPress monitoring, enhanced security, WordPress updates, Plugin updates and theme updates. Also, developers are available who can fix problems as soon as they’re discovered. Most providers also include a set number of hours for basic content updates and cloud backups and may also offer a CDN (content delivery network) to serve heavy media assets from a cloud platform to improve performance.

Website security and performance are too important to trust a standard hosting company. Full site management is a must for every law firm.

Jason Bland

Jason Bland is a Co-Founder of Custom Legal Marketing and a regular contributor to Bigger Law Firm Magazine. He focuses on strategies for law firms in highly competitive markets. He's a contributor on, is a member of the Forbes Agency Council, Young Entrepreneurs Council, and has been quoted in Inc. Magazine, Business Journals, Above the Law, and many other publications.


Security vulnerability infected websites

WordPress Security Breach Used Vulnerabilities in Plugins in Themes

Over one million WordPress websites have been infected by a malware campaign called Balada Injector since 2017, according to cybersecurity firm GoDaddy’s Sucuri. The attackers behind the campaign use all known and recently discovered vulnerabilities in WordPress themes and plugins to breach sites. They typically play out their attacks in waves once every few weeks,…

Law firm partner learning about SEO

How to talk to the partners about SEO

As a law firm marketing director, you understand the importance of SEO in driving traffic to your website and generating leads for your firm. However, convincing the partners of your law firm to invest in SEO can be a daunting task, particularly if they do not understand its benefits. Here are some tips on how…

Law Firm UX

The Psychology of User Experience and Its Impact on Law Firm Marketing

User experience, commonly referred to as UX, is an essential aspect of any marketing strategy, including law firm marketing. It encompasses everything that the user experiences while interacting with a product or service, including ease of use, accessibility, visual appeal, and overall satisfaction. The psychology behind user experience is a fascinating subject, and understanding it…