[deanhills]

@deanhills can share his fair experience with his blog getting hacked despite being up to date and all setup properly.

Unfortunately I don't have a clue what happened.  I've published the identical blog on different VPSs and haven't ever had it hacked in any of the other VPSs.  So can't help but think the hacking had nothing to do with the WordPress blog - there was a manipulation of something in the DNS of the VPS through the IP that may have been inherited and associated with rogue domains that still carry that IP to this day.  

I've had the same blog running on VPS 9 for a very long time.  Also on HostUS for a while.  So chances should have been that those blogs would have been hacked too.  Identical meaning I have a backup of the blog that I use as a template   I imported it into a newly created WordPress blog on my Contabo VPS and then modified it.  Added new blog posts and changed the content of the pages.  I did the import with the All-in-one WP Migration Plugin which I use to move all of my WordPress sites.  Same style, same plugins. All I did was to change the content of the WordPress blog - pages and new posts.  Blog as always was disabled for feedback - it's basically a static site for all intents and purposes.  So unfortunately I can't contribute anything of value here as I don't have a clue what happened.

Greatest irony was that when the Contabo technicians checked after the hack report had been received, they couldn't find hack files on my VPS either.  They thought I'd fixed it.  So no one has provided me with a logical explanation yet for what happened.  I haven't received real and convincing proof yet that my blog has been hacked.  And since that happened in June 2019 I've been using the same blog with same style and plugins in two VPSs with no hacking at all. So far any way.