There’s nothing wrong with responsibly using off-the-shelf software packages. Whether it’s a WordPress blog or a commercial shopping cart, they often represent an affordable way to avoid reinventing the wheel, both from a development and a user-interface perspective.
In addition, many of our clients also find that commodity shared hosting is a fair choice. Face it: if you’re operating a fairly lightweight site that’s getting a few hundred visitors per day, tops, you don’t need that much performance. There’s also a “too big to fail” aspect to being one client of many on a huge machine with a fast connection: odds are, if something fails on their end, you’re the 67th person to report it and they’re already working on it by the time you find out.
However, combining the two can open you up to surprising difficulties.
Anyone who owns a blog knows that they’re going to get a bunch of spam posts. Frequently, these are intended as spam for SEO purposes: create a bunch of low-quality links that all say “Buy Fake Watches Filled With Erectile Dysfunction Pills”, linking back to the “money site” where you actually sell the goods. Usually, this was either a keyword-stuffed domain (gobuycheapfakewatches2014now.info) or a complete nonsense domain (etroigjfrhnjlkfhjgh.info), because nobody wanted to spend money on a quality domain with real rankings to run the scam.
Lately, I noticed a new trend: very spammy anchor text, linked to legitimate-looking domains. When you loaded the pages up, they looked and felt like normal websites, with nothing to do with the original anchor text. Where’s the business plan?
While there’s a lot of effort devoted to protecting a site from SQL injection-style attacks through input sanitization and parameterized queries, why does nobody approach it from the perspective of sandboxing the database user account?
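
One way to sandbox the database account, shown as an added example that is not from the original post: the weak all-privileges setting beside a split into restricted accounts. It assumes MySQL 8 and a hypothetical blog schema; the database, table, account names and passwords are all placeholders.

```sql
-- Added example. MySQL 8 syntax; every name and password is a hypothetical placeholder.
CREATE DATABASE IF NOT EXISTS blogdb;
CREATE TABLE IF NOT EXISTS blogdb.posts (
    id    INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(200) NOT NULL,
    body  TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS blogdb.comments (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    post_id  INT NOT NULL,
    author   VARCHAR(100) NOT NULL,
    body     TEXT NOT NULL,
    approved TINYINT(1) NOT NULL DEFAULT 0
);

-- Weak setting (left commented out): one account with full rights, used by
-- every page. A statement injected through any page runs with these rights,
-- so it can rewrite post bodies, alter the schema or drop tables.
-- CREATE USER 'blog_all'@'localhost' IDENTIFIED BY 'CHANGE_ME_0';
-- GRANT ALL PRIVILEGES ON blogdb.* TO 'blog_all'@'localhost';

-- Restricted setting, account 1: the public pages connect as blog_public.
-- It can read posts and comments and add a comment, nothing else.
-- No UPDATE or DELETE anywhere, no DDL, no global privileges such as FILE.
CREATE USER 'blog_public'@'localhost' IDENTIFIED BY 'CHANGE_ME_1';
GRANT SELECT ON blogdb.posts TO 'blog_public'@'localhost';
GRANT SELECT, INSERT ON blogdb.comments TO 'blog_public'@'localhost';

-- Restricted setting, account 2: the authenticated admin area connects as
-- blog_editor. It can edit posts but can moderate comments only through the
-- approved column, and it still has no schema or server-level rights.
CREATE USER 'blog_editor'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT, INSERT, UPDATE, DELETE ON blogdb.posts TO 'blog_editor'@'localhost';
GRANT SELECT, DELETE ON blogdb.comments TO 'blog_editor'@'localhost';
GRANT UPDATE (approved) ON blogdb.comments TO 'blog_editor'@'localhost';

-- Check what each account actually holds before pointing the site at it.
SHOW GRANTS FOR 'blog_public'@'localhost';
SHOW GRANTS FOR 'blog_editor'@'localhost';
```

With this split, parameterized queries remain the first line of defense, and the grants bound what a missed injection point on a public page can change.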