Sec is not a CMS thing (I get the db, but that's not really a big concern).
I don't know what this means, but I recently had to fix up a Wordpress blog which had been hacked because of an insecure plugin. There were ads inserted as posts, and links hijacked to go to really bad sites. The administrator didn't notice for quite a while because the malware was smart enough not to appear if you were logged in as a user.
It's hard to imagine that happening to a static site. With a static site there are just files on a server. What is there to hack? Only the SSH connection to the server itself.
Yeah, my first one was an injected encrypted footer links with useragent & tore down a set of top ranking sites (long time ago). I didn't mean to dismiss CMS sec, it's a pain.
"Sec is not a CMS thing" just meant: Lots of the serious stuff (beyond annoying defacing) is social engineering & lower down the stack. The CMS or db is one part of many.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I don't know what this means, but I recently had to fix up a Wordpress blog which had been hacked because of an insecure plugin. There were ads inserted as posts, and links hijacked to go to really bad sites. The administrator didn't notice for quite a while because the malware was smart enough not to appear if you were logged in as a user.
It's hard to imagine that happening to a static site. With a static site there are just files on a server. What is there to hack? Only the SSH connection to the server itself.
Yeah, my first one was an injected encrypted footer links with useragent & tore down a set of top ranking sites (long time ago). I didn't mean to dismiss CMS sec, it's a pain.
"Sec is not a CMS thing" just meant: Lots of the serious stuff (beyond annoying defacing) is social engineering & lower down the stack. The CMS or db is one part of many.