My wife asked me to create website for her (cakes photos with descriptions).
I found this [tutorial]) and installed wordpress, watched a few videos on youtube how to use it and made a site with only a few most popular plugins. She was happy.
Next week site was broken, everyting deleted. I found a lot of traffic to XML-RPC, restored site from backup and disabled XML-RPC. After 3 weeks the site was broken again. Not deleted but prohibited to see for people with English language. Funny 🙂 Found couple of folders with strange names and files like lol.php, cp.php and this .htaccess
<IfModule mod\_rewrite.c>
RewriteCond %{HTTP:Accept-Language} \^(ja|zh-cn|en) \[NC\]
RewriteRule \^(.\*)$ – \[F\]
</IfModule>
Is it possible to make a simple and reliable site on WordPress? Don’t spend a lot of time maintaining it, just set it up once and maybe install security updates sometimes.
[ad_2]
So when you see files like lol.php and anything strange.php, you’ve been hacked. The problem is there are 3 levels at which this has to be set up, 1 of which would be by your host. The host is suppose to ensure that their servers are protected. For you, your hosting account should be using the latest PHP version and any other security measures available on your account. Lastly and most important, ensure you have a firewall plugin active such as Wordfence or Defender.
Start with a decent host.
Where is it currently hosted? Let me guess …