Support » Installing WordPress » Netfirms WordPress Essentials Service Terms of Service

  • Have you upgraded to WordPress Essentials from Netfirms? They offer 60%+ boost in performance through caching. Makes sense right?

    Here’s what I learned so far:

    1. They have not yet published the terms of service they use when you sign up for this support plan. As of July 28 2014 the ToS has not been posted on their website or finalized, seemingly. It’s only $3/month right?

    Among the details in this yet-to-be-published terms of service:

    1. An administrative-level WP account is created automatically in your installation which can be used to service your account. The password is set by Netfirms but it appears it can be reset with another admin account. Every time they scan the site to make sure no malware is present, they will recreate this account and set a new password. Needless to say this is a potential security backdoor, which I hope Netfirms handles in good care. This account is called support_b4ca — you can’t really deactivate it because they automatically create it if you change the deatails.

    ​​If anyone figures out the default password generation scheme, this could be catastrophic. This approach to a support backdoor is a really bad idea. Netfirms could have implemented this without creating administrative accounts, and let you grant temporary access when needed. They have root access to the servers running the code, so I am not sure why they need ongoing administrative access.

    2. This service installs WP Total Cache and a proprietary Netfirms plugin which does NOT show in the plugins directory on the site. These plugins are automatically updated, and while one is public domain, the proprietary Netfirms one is unpublished (source code or otherwise). Again, I hope there are no security issues with the Netfirms plugin. It would be nice if they could publish this plugin in the Plugin repository, so it can be inspected in the public domain.

    They also install Jetpack and Akismet on new WP sites but that’s core.

    3. They update WordPress to the latest version automatically on your behalf. You can imagine the problems that can cause with conflicts etc.

    I asked them to cease updates of the WordPress core or any plugins on our website, as an upgrade could break part or all of your site, and we would have no idea what happened.

    It is critical that you see and agree to the terms of service they present. This is an interesting approach to support, and I don’t think a good one.

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Netfirms WordPress Essentials Service Terms of Service’ is closed to new replies.