#
There were no more injections overnight but I'm not sure if that's because of the action I've taken or just because there were no posts yet today. Only the first post of the day was getting overwritten so it's hard to tell.
Things are going to be a bit janky for a while as I am completely rewriting sections of code so some things might not work for a while, permalinks and JavaScript toggles to open comments for example.
Let's see if this gets replaced...
#Numerous sections have been refactored and some additional mitigations have been put in place. Everything seems to be working properly and there are no PHP errors being logged - always a good thing. Hopefully I've caught everything but we'll see.
#Thanks to Eivind (again, 🙌) I've made further changes. I now have two new MySQL users with differing permissions: one to do INSERT, UPDATE and DELETE, the other to do just the SELECT statements. Both have only the permissions they require.
#I noticed that the file to build the daily RSS feed didn't run last night and wouldn't today no matter what I tried to do.
Then it dawned on me that one of the mitigation measures I'd put in place was to prevent the config file from being run directly, only when included. And.... I forgot to include the relevant define() statement in the file.
Funnily enough, it's working now.
