Re: Hang on a moment
"This affects the whole WordPress set-up and not just the Likely Lad cook?"
And not just Wordpress. It's likely this was backdoored via a third party theme or plugin. A number of vendors replicate them across the popular CMSs. its just that WP being the biggest is the most attractive target.
Frankly even good SysAdmins get caught. An issue is that we can't really share our defensive measures without giving them away to the enemy. So we roll our own and who can guarantee to do that perfectly?
What's unforgivable is not to have a recovery plan when (not if) it happens. The 5 week DEFRA downtime is really bad service. And I bet they paid a lot more to the contractors then did Mr Oliver who, from the report, got it sorted quickly.