I found the offending code, buried deep in the actual database. The code has been eliminated, and all passwords have been changed.
Whack-a-mole. On Fri, Jan 12, 2018 at 8:46 AM, Alex Mandel <[email protected]> wrote: > On 01/12/2018 08:30 AM, Rick Moen wrote: > > Quoting Richard S. Crawford ([email protected]): > > > >> That's what I was afraid of. Unfortunately I can't find the malware > itself. > > > > https://codex.wordpress.org/FAQ_My_site_was_hacked > > http://www.wpbeginner.com/beginners-guide/beginners- > step-step-guide-fixing-hacked-wordpress-site/ > > https://sucuri.net/guides/how-to-clean-hacked-wordpress > > > > And I'll bet your wife doesn't have the ability to do a clean restore > > from backup, does she? That would be among the very first things to > > fix, IMO. > > > > Personally, I find public-facing PHP and developed apps requiring it > > generally to be security-problematic and best avoided. But people do > > seem to love their WordPress anyway, which is why an entire hosting > > market niche has evolved around outsourcing WordPress security headaches > > to commercial outfits that charge a premium for compensating for the > > basic error or electing WordPress (WPengine, Bluehost, Dreamhost, > > Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb, > > Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes, > > Savvii, RoseHosting, et alii). > > > > Problem: The software is ridiculously overbaroque, making debugging > > difficult, and is an ongoing security nightmare. Solution: Expect > > customers to spend hundreds of dollars a year extra on specialised > > security-mitigation services. It's a natural! > > > > I outsource to Wordpress.com, just pay the $15 a year to use a custom > domain. I figure if the main vendor behind the software can't keep it > patched and safe, no one can. > > Note, reducing plugins to bare minimum and allowing wordpress to > auto-update patches can do a lot to minimize the threat. > > The other route to go, is to switch to a static site generator > https://www.fullstackpython.com/static-site-generator.html > Many of which are blog oriented. > > Sorry, > Alex > > > > _______________________________________________ > vox-tech mailing list > [email protected] > http://lists.lugod.org/mailman/listinfo/vox-tech >
_______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
