Subj : Re: LCBO breech
To   : August Abolins
From : Nick Andre
Date : Mon Jan 16 2023 04:29 pm

On 16 Jan 23  14:57:00, August Abolins said the following to Nick Andre:

AA>  NA> I have a customer with a Wordpress site that had similar problems. Oh
AA>  NA> what a freaking nightmare that was... in the end I had to completely
AA>  NA> disable all plugins and widgets until the culprit was found.
AA> 
AA> My approach with WP is to turn off outside access first. Just  
AA> park a landing page with an "offline/maintenance" comment or  
AA> something.

Long story short, this was a problem I inherited long ago because the company 
considered the website to be a techie-thing, therefore techie-things are IT 
department things no matter what. The company tried to save money by hiring a
relative who in turn outsourced the coding of the site to India. The company
also hired a young guy as their social-media/website marketing "expert" who
in turn loaded that poor website with all kinds of plugin and widget crapola.

One of a few plugins was hacked, which in turned caused malicious code 
injected everywhere, on every stinkin' PHP file, and the only way to fix this
was to shut off every plugin, manually clean the PHP files and SQL, secure the
Linux Apache install it was deployed on... and a hefty invoice for my time.

Nick

--- Renegade vY2Ka2
 * Origin: Joey, do you like movies about gladiators? (1:229/426)

.