<div dir="ltr">If you are considering a Wordpress site or host then make sure you install the Wordfence plugin especially if you're not going to be monitoring it often. I've recently upgraded all of the WP sites I host on my VPS to this basic config. I also include Jetpack so that I don't have to go too far to monitor activity and hits. One of the greatest exploits for WP sites is the plugins themselves, you'd be surprised how much protection these actually require on their own. Thankfully the WF plugin will take care of most of the well known ones with it's own firewall and tell you the ones which it can't deal with and are there for your own problem.<div><br></div><div>In terms of static vs dynamic content simply stop all comments on the site, turn on a "proxy cache" (external plugin or enable falcon in Wordfence) and set a long expiry date on the cache say 1-2 months. That will effectively lock the content of the site, when new content is available it's cached the first time called. If you update or want to push changes, simply force the cache to be deleted. When requests are made to the site instead of running through apache/php you get served static content. It also means that exploits in WP plugins are effectively delayed by the period of the cache, meaning free or low cost solutions can be considered in terms of WF, IDS and other malware software.</div><div><br></div><div>Finding a "good webhost" that does malware scanning is good provided they also keep it up to date. There is another zero-day exploit of the WP code in the wild right now that I caught. detected, locked out and fixed earlier this week. A very sneaky bit of code. The IDS on the webserver triggered a warning and raised the flag, the other systems lagged behind by 24-48 hours.. YMMV.</div><div><br></div><div>73</div><div><br></div><div>Matthew</div><div>VK5ZM</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 24 August 2016 at 07:14, Marcus B <span dir="ltr"><<a href="mailto:mrmabs@gmail.com" target="_blank">mrmabs@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Here's a question, does it actually need an interactive website, would static content do the same job? Saves a lot of security hassle. Especially since updates are few and far between.</p>
<p dir="ltr">On my own website (<a href="http://vk3tst.com" target="_blank">vk3tst.com</a>) I use a simple one html page wiki that I have upload automatically (to Dropbox) when I change it.</p>
<p dir="ltr">73, Marcus, vk3tst/vk5wtf</p><div class="HOEnZb"><div class="h5">
<br><div class="gmail_quote"><div dir="ltr">On Wed, 24 Aug 2016, 06:13 Damien Gardner <<a href="mailto:vk2tdg@gmail.com" target="_blank">vk2tdg@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">That's why a good webhost pays the $60/year for softaculous on their server ;) It automatically upgrades all wordpress (and joomla, and drupal, and magento, etc etc etc) installs on the server every week, so they can never fall behind.. :) <div><br></div><div>Most good hosts also run CXS for real-time malware detection, which among it's weekly scans, also notifies the server admin of any wordpress etc installs which are behind current versions - so you can notify customers that they have x days to upgrade or their site will be disabled.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 August 2016 at 17:50, Brendan Pratt - vk4blp <span dir="ltr"><<a href="mailto:vk4blp@southsidears.org.au" target="_blank">vk4blp@southsidears.org.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>Ian wrote on 23/08/2016 5:09 PM:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Just make sure you keep your Wordpress installation up to date with security patches - there are a number of exploits around for the out-of-date versions... (Some of the older ones have as much security as a colander...)<br>
</blockquote>
<br></span>
A HUGE +1 to that.... keep getting people with many updates shy of what they really need to have on their WP sites.<span><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
-Ian ZL1VFO<br>
<br>
~ Snip ~<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Subject: Re: [OZAPRS] <a href="http://aprs.net.au" rel="noreferrer" target="_blank">aprs.net.au</a> Hosting<br>
Message-ID: <<a href="mailto:243B8F73-D02A-4982-BBC6-E25207095B04@tech-software.net" target="_blank">243B8F73-D02A-4982-BBC6-<wbr>E25207095B04@tech-software.net</a><wbr>><br>
Content-Type: text/plain; charset="utf-8"<br>
Wordpress rocks<br>
</blockquote></blockquote></span><div><div>
______________________________<wbr>_________________<br>
OZAPRS mailing list<br>
<a href="mailto:OZAPRS@aprs.net.au" target="_blank">OZAPRS@aprs.net.au</a><br>
<a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" rel="noreferrer" target="_blank">http://lists.aprs.net.au/<wbr>mailman/listinfo/ozaprs</a><br>
</div></div></blockquote></div><br></div>
______________________________<wbr>_________________<br>
OZAPRS mailing list<br>
<a href="mailto:OZAPRS@aprs.net.au" target="_blank">OZAPRS@aprs.net.au</a><br>
<a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" rel="noreferrer" target="_blank">http://lists.aprs.net.au/<wbr>mailman/listinfo/ozaprs</a><br>
</blockquote></div>
</div></div><br>______________________________<wbr>_________________<br>
OZAPRS mailing list<br>
<a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
<a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" rel="noreferrer" target="_blank">http://lists.aprs.net.au/<wbr>mailman/listinfo/ozaprs</a><br>
<br></blockquote></div><br></div>