Be careful of the new-found malware that hijack WordPress servers

Just read this article about the Linux malware that turns WordPress servers into proxy botnet:


Great that we use Hugo and therefore static pages on our end.


If you run wordpress and not the wordfence plugin you're asking for trouble. Even if you run the free tier, the protection is amazing.

The have a great podcast too.


If I may...
I completely got rid of Wordfence :

  • their ethics is very strange : they delay critical solutions for free users,they inundate with marketing mails, their paid version is expensive
  • WordFence is very heavy and consumes a lot of process

I very happily use very light specialized add-ons :

  • Ninjafirewall that does the job silently, without system load and allows to fine tune the site security policies.
  • Zero Spam that provides a very efficient anti spam honey pot and allows to avoid the horrendous captchas
  • Blackhole for bad bots another honey pot for fake search engines
  • Antispambot that changes mail addresses in ascii code so that "mailto" on the site doesn't allow bots to find the email address

I explain some of those on a WordPress security tutorial on my french site (translatable)

Obviously Hugo is an interesting alternative, but it has not all the functionalities WP can offer.


Malware is really very common today because many scammers are trying to get hold of our files and accounts. The Internet is a risky place if you run your business here. Last month I managed to avoid encountering malware because a friend of mine recommended a good service that scans files for viruses. I needed to download several files to work and thanks to I have protected myself and my computer from harmful programs. This is why I recommend checking files first and opening them later

Forum kindly sponsored by