Several years ago, I switched from writing static HTML for this website to using the wordpress platform. I kept it up to date, including plugins. I use two-factor authentication, and an add-on plugin to monitor itself and report issues.

That didn’t prevent the website from being hacked and used to inject malware. I cleaned it up. It happened again. I cleaned it again.

And all was good, for a while.

This weekend, I get an automated email, “an admin account was created outside wordpress”.

Huh? I did no such thing.

But sure enough, there it is. User ‘wordpress’, user id ‘123456’. Because of the two-factor, nothing was going to get very far, but dammit, that’s it.

No longer do I have wordpress installed in a convient location, where I can write from anywhere and upload. In all frankness, I’m terrible at maintaining this site (content) very well anyway—I always was good about maintaining the code, because wordpress is so clearly dangerous.

Now? I have a machine on my own network, where nobody can get to it but me, and what you are reading is a static export. Nothing to log in to.

It’s not as easy to use, and there’s no longer any way to allow comments, but at least I won’t need to worry about a naked wordpress.