Quoting Richard S. Crawford (rich...@underpope.com):

> That's what I was afraid of. Unfortunately I can't find the malware itself.


And I'll bet your wife doesn't have the ability to do a clean restore
from backup, does she?  That would be among the very first things to
fix, IMO.

Personally, I find public-facing PHP and developed apps requiring it
generally to be security-problematic and best avoided.  But people do
seem to love their WordPress anyway, which is why an entire hosting
market niche has evolved around outsourcing WordPress security headaches
to commercial outfits that charge a premium for compensating for the
basic error or electing WordPress (WPengine, Bluehost, Dreamhost,
Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb,
Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes,
Savvii, RoseHosting, et alii).  

Problem:  The software is ridiculously overbaroque, making debugging
difficult, and is an ongoing security nightmare.  Solution:  Expect
customers to spend hundreds of dollars a year extra on specialised
security-mitigation services.  It's a natural!

vox-tech mailing list

Reply via email to