There has beeen an announcement of a major wordpress hack, click here to read the announcement .. this one basically only needed three lines of code. If you are running wordpress, install wordfence and pay the annual renewal (no I get nothing form this). That will at the very least warn you of stuff as they detect it. Better still ... I will build you a bespoke system, using a commercial CMS as the back end and a front end based on Bootstrap v4 ... the _only_ way to be safe is not not let them in to do bad stuff. The Wordpress update manager can be subverted ... seriously SSL your site, use software that is not subject to arbitrary access. 300,000 sites blown in one go are you next? Really Larry PS: I had already moved my personal site to bespoke code, now JLogica needs to be moved away from 'free' software too!