Quoting Richard S. Crawford (rich...@underpope.com): > That's what I was afraid of. Unfortunately I can't find the malware itself.
https://codex.wordpress.org/FAQ_My_site_was_hacked http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/ https://sucuri.net/guides/how-to-clean-hacked-wordpress And I'll bet your wife doesn't have the ability to do a clean restore from backup, does she? That would be among the very first things to fix, IMO. Personally, I find public-facing PHP and developed apps requiring it generally to be security-problematic and best avoided. But people do seem to love their WordPress anyway, which is why an entire hosting market niche has evolved around outsourcing WordPress security headaches to commercial outfits that charge a premium for compensating for the basic error or electing WordPress (WPengine, Bluehost, Dreamhost, Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb, Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes, Savvii, RoseHosting, et alii). Problem: The software is ridiculously overbaroque, making debugging difficult, and is an ongoing security nightmare. Solution: Expect customers to spend hundreds of dollars a year extra on specialised security-mitigation services. It's a natural! _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech