[vox-tech] My wife's website

Richard S. Crawford richard at underpope.com
Fri Jan 12 08:58:00 PST 2018


I found the offending code, buried deep in the actual database. The code
has been eliminated, and all passwords have been changed.

Whack-a-mole.

On Fri, Jan 12, 2018 at 8:46 AM, Alex Mandel <tech_dev at wildintellect.com>
wrote:

> On 01/12/2018 08:30 AM, Rick Moen wrote:
> > Quoting Richard S. Crawford (richard at underpope.com):
> >
> >> That's what I was afraid of. Unfortunately I can't find the malware itself.
> >
> > https://codex.wordpress.org/FAQ_My_site_was_hacked
> > http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/
> > https://sucuri.net/guides/how-to-clean-hacked-wordpress
> >
> > And I'll bet your wife doesn't have the ability to do a clean restore
> > from backup, does she?  That would be among the very first things to
> > fix, IMO.
> >
> > Personally, I find public-facing PHP and developed apps requiring it
> > generally to be security-problematic and best avoided.  But people do
> > seem to love their WordPress anyway, which is why an entire hosting
> > market niche has evolved around outsourcing WordPress security headaches
> > to commercial outfits that charge a premium for compensating for the
> > basic error of electing WordPress (WPengine, Bluehost, Dreamhost,
> > Siteground, Cyon, Flywheel, Kinsta, Pantheon, 34sp.com, LiquidWeb,
> > Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes,
> > Savvii, RoseHosting, et alii).
> >
> > Problem:  The software is ridiculously overbaroque, making debugging
> > difficult, and is an ongoing security nightmare.  Solution:  Expect
> > customers to spend hundreds of dollars a year extra on specialised
> > security-mitigation services.  It's a natural!
> >
>
> I outsource to WordPress.com, just pay the $15 a year to use a custom
> domain. I figure if the main vendor behind the software can't keep it
> patched and safe, no one can.
>
> Note, reducing plugins to the bare minimum and allowing WordPress to
> auto-update patches can do a lot to minimize the threat.
>
> The other route to go is to switch to a static site generator
> https://www.fullstackpython.com/static-site-generator.html
> Many of which are blog oriented.
>
> Sorry,
> Alex