
I got a call at 11:03 PM last year. A client. Panic in his voice. His website was showing a phishing page in Chinese. Every URL redirected to a fake login screen. His customers were messaging him on Facebook asking if he'd been hacked. He had been.

An outdated contact form plugin — one he'd never asked for, installed by the previous developer because it was "free" and saved an hour of custom work — had a known vulnerability. The attacker automated the exploit, dropped a backdoor, and replaced his homepage. It took me four hours to clean. Two more days to harden everything else. The client didn't sleep that night. Neither did I.

That's not a WordPress bug. That's WordPress economics.

I've been building websites since 2001. I've used WordPress for fifteen of those years. I've built blogs, corporate sites, e-commerce stores, and membership platforms on it. I'm not saying it's a bad tool. I'm saying it's the wrong default for the projects that come through my door today. The problem isn't…
