[vox-tech] My wife's website

Alex Mandel tech_dev at wildintellect.com
Fri Jan 12 08:46:48 PST 2018


On 01/12/2018 08:30 AM, Rick Moen wrote:
> Quoting Richard S. Crawford (richard at underpope.com):
> 
>> That's what I was afraid of. Unfortunately I can't find the malware itself.
> 
> https://codex.wordpress.org/FAQ_My_site_was_hacked
> http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/
> https://sucuri.net/guides/how-to-clean-hacked-wordpress
> 
> And I'll bet your wife doesn't have the ability to do a clean restore
> from backup, does she?  That would be among the very first things to
> fix, IMO.
> 
> Personally, I find public-facing PHP and developed apps requiring it
> generally to be security-problematic and best avoided.  But people do
> seem to love their WordPress anyway, which is why an entire hosting
> market niche has evolved around outsourcing WordPress security headaches
> to commercial outfits that charge a premium for compensating for the
> basic error or electing WordPress (WPengine, Bluehost, Dreamhost,
> Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb,
> Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes,
> Savvii, RoseHosting, et alii).  
> 
> Problem:  The software is ridiculously overbaroque, making debugging
> difficult, and is an ongoing security nightmare.  Solution:  Expect
> customers to spend hundreds of dollars a year extra on specialised
> security-mitigation services.  It's a natural!
> 

I outsource to Wordpress.com, just pay the $15 a year to use a custom
domain. I figure if the main vendor behind the software can't keep it
patched and safe, no one can.

Note, reducing plugins to bare minimum and allowing wordpress to
auto-update patches can do a lot to minimize the threat.

The other route to go, is to switch to a static site generator
https://www.fullstackpython.com/static-site-generator.html
Many of which are blog oriented.

Sorry,
Alex





More information about the vox-tech mailing list