<div dir="ltr"><div class="gmail_default" style="font-family:"times new roman",serif;font-size:small">I found the offending code, buried deep in the actual database. The code has been eliminated, and all passwords have been changed.</div><div class="gmail_default" style="font-family:"times new roman",serif;font-size:small"><br></div><div class="gmail_default" style="font-family:"times new roman",serif;font-size:small">Whack-a-mole.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 12, 2018 at 8:46 AM, Alex Mandel <span dir="ltr"><<a href="mailto:tech_dev@wildintellect.com" target="_blank">tech_dev@wildintellect.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 01/12/2018 08:30 AM, Rick Moen wrote:<br>
> Quoting Richard S. Crawford (<a href="mailto:richard@underpope.com">richard@underpope.com</a>):<br>
><br>
>> That's what I was afraid of. Unfortunately I can't find the malware itself.<br>
><br>
> <a href="https://codex.wordpress.org/FAQ_My_site_was_hacked" rel="noreferrer" target="_blank">https://codex.wordpress.org/<wbr>FAQ_My_site_was_hacked</a><br>
> <a href="http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/" rel="noreferrer" target="_blank">http://www.wpbeginner.com/<wbr>beginners-guide/beginners-<wbr>step-step-guide-fixing-hacked-<wbr>wordpress-site/</a><br>
> <a href="https://sucuri.net/guides/how-to-clean-hacked-wordpress" rel="noreferrer" target="_blank">https://sucuri.net/guides/how-<wbr>to-clean-hacked-wordpress</a><br>
><br>
> And I'll bet your wife doesn't have the ability to do a clean restore<br>
> from backup, does she? That would be among the very first things to<br>
> fix, IMO.<br>
><br>
> Personally, I find public-facing PHP and developed apps requiring it<br>
> generally to be security-problematic and best avoided. But people do<br>
> seem to love their WordPress anyway, which is why an entire hosting<br>
> market niche has evolved around outsourcing WordPress security headaches<br>
> to commercial outfits that charge a premium for compensating for the<br>
> basic error or electing WordPress (WPengine, Bluehost, Dreamhost,<br>
> Siteground, Cyon, Flywheel, Kinsta, Pantheon, <a href="http://34sp.com" rel="noreferrer" target="_blank">34sp.com</a>, LiquidWeb,<br>
> Mshini, SoHosted, TVC.net, Interserver, Pagely, GreenGeeks, Raidboxes,<br>
> Savvii, RoseHosting, et alii).<br>
><br>
> Problem: The software is ridiculously overbaroque, making debugging<br>
> difficult, and is an ongoing security nightmare. Solution: Expect<br>
> customers to spend hundreds of dollars a year extra on specialised<br>
> security-mitigation services. It's a natural!<br>
><br>
<br>
</span>I outsource to Wordpress.com, just pay the $15 a year to use a custom<br>
domain. I figure if the main vendor behind the software can't keep it<br>
patched and safe, no one can.<br>
<br>
Note, reducing plugins to bare minimum and allowing wordpress to<br>
auto-update patches can do a lot to minimize the threat.<br>
<br>
The other route to go, is to switch to a static site generator<br>
<a href="https://www.fullstackpython.com/static-site-generator.html" rel="noreferrer" target="_blank">https://www.fullstackpython.<wbr>com/static-site-generator.html</a><br>
Many of which are blog oriented.<br>
<br>
Sorry,<br>
Alex<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
______________________________<wbr>_________________<br>
vox-tech mailing list<br>
<a href="mailto:vox-tech@lists.lugod.org">vox-tech@lists.lugod.org</a><br>
<a href="http://lists.lugod.org/mailman/listinfo/vox-tech" rel="noreferrer" target="_blank">http://lists.lugod.org/<wbr>mailman/listinfo/vox-tech</a><br>
</div></div></blockquote></div><br></div>