From my diary

It seems that this blog was hacked on 22 July 2024 at 10:20, by some poor soul who poisoned a great number of the articles with spam links to pharmaceutical sites.  I gather that this is a standard attack, known as “spam link injection.”  I discovered this in an old article by accident last night, and I have spent some hours today attempting to discover the extent of the problem.  The attack was done cunningly, mainly on older articles or pages, which meant that I was oblivious.

The attack was not done by logging into the editing console, as the changed text is not present in the list of revisions.   I don’t know how it was done, in truth, which makes it hard to know how to prevent it again.  Possibly some WordPress plugin was responsible.  Possibly the theme that I use is insecure?

I don’t know how many posts are affected.  I don’t know how to fix this in any easy way.  Worse still, attempting to revert the changes through the UI has left some articles blank.

I do have backups from before the hack; one from the 18th of June, thankfully.  I would hope that posts after the 22 July 2024 are not affected.

Reading around for help, I find that WordPress is now a very insecure platform, which requires constant patching to be secure.  This is not something that I am competent to do.  Possibly a hosted solution would do this.

Likewise WordPress seems entirely disinterested in providing themes for bloggers.  All the themes are aimed at websites.  The last mainstream theme to focus on blogs, in 2019, does not handle mobile phones (!).

Blogging is getting increasingly difficult to do, it would seem.  The internet is changing, away from ordinary people towards something that only corporate infrastructure can handle.

I’m not quite sure what the way forward is. We’ll see.