Sunday, December 12, 2010

Malware Found in WordPress Theme – Protect Yourself Now

The article sums up his revealing analysis of how malware code in a Theme integrates itself into your site, even down to the server level, through a twisting path of imaginative code. The code reminds me of insidious bombs featured in an episode of Star Trek: Deep Space Nine called “Houdinis.” The bombs vanished in and out of subspace, each less than a meter from another one in a grid. At any time one could appear and explode if it detected movement near it, surprising and killing the victims. This code has the ability to activate, create trouble, then erase its path, making it tough to detect, test, and eliminate.

The article also offers some tips and WordPress Plugins for checking your site for security vulnerabilities, as well as for possibly testing a Theme before you become too invested in it. There is no single foolproof, one-step thing you can do yet, though many are working on advanced site armor and prevention tools, which I will cover in an upcoming article on WordCast.

In general, use the built-in auto update feature to upgrade WordPress immediately when a mandatory security update is released, and upgrade Themes and Plugins.

Remember, prevention is cheaper and easier than dealing with a hack after the fact.

We live in “interesting times,” and I dream of the day when those who dance with the dark put their creative energy, discipline and determination into projects of light, peace, and joy…and that good would pay better than bad.
