Over the holidays (naturally) some [expletives deleted] inserted some malware into this site. It redirected viewers to an attack site, no doubt to nefarious ends. The vulnerability appears to have been in a WordPress 4.0 script. We’ve updated to WP 4.1 and taken other necessary steps.
- Web sites aren’t “set and forget”.
- Being a low-value target is not a defense.
- Security updates don’t happen automagically
- Don’t trust the tools to set up protections appropriately.
- Google and stopbadware.org are your friends… in the “tough love” sense of friends.
- My first incident response involved a lot of trial-and-error. I can’t imagine how a site owner with no CS background could begin to deal with these kinds of problems.
Anyway, all clear. Maybe someday law enforcement will catch up with these [expletives deleted].