[vox-tech] My wife's website
Alex Mandel
tech_dev at wildintellect.com
Fri Jan 12 08:46:48 PST 2018
On 01/12/2018 08:30 AM, Rick Moen wrote:
> Quoting Richard S. Crawford (richard at underpope.com):
>
>> That's what I was afraid of. Unfortunately I can't find the malware itself.
>
> https://codex.wordpress.org/FAQ_My_site_was_hacked
> http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/
> https://sucuri.net/guides/how-to-clean-hacked-wordpress
>
> And I'll bet your wife doesn't have the ability to do a clean restore
> from backup, does she? That would be among the very first things to
> fix, IMO.
>
> Personally, I find public-facing PHP and developed apps requiring it
> generally to be security-problematic and best avoided. But people do
> seem to love their WordPress anyway, which is why an entire hosting
> market niche has evolved around outsourcing WordPress security headaches
> to commercial outfits that charge a premium for compensating for the
> basic error or electing WordPress (WPengine, Bluehost, Dreamhost,
> Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb,
> Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes,
> Savvii, RoseHosting, et alii).
>
> Problem: The software is ridiculously overbaroque, making debugging
> difficult, and is an ongoing security nightmare. Solution: Expect
> customers to spend hundreds of dollars a year extra on specialised
> security-mitigation services. It's a natural!
>
I outsource to Wordpress.com, just pay the $15 a year to use a custom
domain. I figure if the main vendor behind the software can't keep it
patched and safe, no one can.
Note, reducing plugins to bare minimum and allowing wordpress to
auto-update patches can do a lot to minimize the threat.
The other route to go, is to switch to a static site generator
https://www.fullstackpython.com/static-site-generator.html
Many of which are blog oriented.
Sorry,
Alex
More information about the vox-tech
mailing list