On 01/12/2018 08:30 AM, Rick Moen wrote: > Quoting Richard S. Crawford (rich...@underpope.com): > >> That's what I was afraid of. Unfortunately I can't find the malware itself. > > https://codex.wordpress.org/FAQ_My_site_was_hacked > http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/ > https://sucuri.net/guides/how-to-clean-hacked-wordpress > > And I'll bet your wife doesn't have the ability to do a clean restore > from backup, does she? That would be among the very first things to > fix, IMO. > > Personally, I find public-facing PHP and developed apps requiring it > generally to be security-problematic and best avoided. But people do > seem to love their WordPress anyway, which is why an entire hosting > market niche has evolved around outsourcing WordPress security headaches > to commercial outfits that charge a premium for compensating for the > basic error or electing WordPress (WPengine, Bluehost, Dreamhost, > Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb, > Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes, > Savvii, RoseHosting, et alii). > > Problem: The software is ridiculously overbaroque, making debugging > difficult, and is an ongoing security nightmare. Solution: Expect > customers to spend hundreds of dollars a year extra on specialised > security-mitigation services. It's a natural! >
I outsource to Wordpress.com, just pay the $15 a year to use a custom domain. I figure if the main vendor behind the software can't keep it patched and safe, no one can. Note, reducing plugins to bare minimum and allowing wordpress to auto-update patches can do a lot to minimize the threat. The other route to go, is to switch to a static site generator https://www.fullstackpython.com/static-site-generator.html Many of which are blog oriented. Sorry, Alex _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech