And to crap on top of it, I actually do have W3 Total Cache installed and did update it just the other day.
However, it only updated “because it’s there” — I don’t actually use it. I just never happened to delete it after I deactivated it. I guess I was hoping I’d figure out how to enable something useful like cacheing without it destroying the usability of my site.
So now I’ve had a “cleverly disguised backdoor” installed on my web site (which can thus access ALL my domains) for a few days.
Of course, I don’t even know what to look for regarding this exploit.
How could I have protected myself from this? Checking the WordPress.org news minute by minute for their latest security issues? Can I afford to ever sleep? Or maybe I just need to read through every single line of code for every single theme and plugin? Oh — but I probably have to scan the entire WordPress core as well. How long could that take?
Oh – the only solution is to buy VaultPress for ALL my domains… That makes sense. At least then I’ll be making somebody else’s monthly Corvette payment.
That’s the problem I keep running into with WordPress — it’s a bunch of very pretty cards and when you’re done… you’ve built a house of cards.
From my admin page — I gave up on even having this plugin activated in January.