Dear dizzy,
…
An audit of our hosting environment showed a malware php file in a hidden directory on your website/s. Our investigations have shown there were no vulnerabilities on our platform that caused this issue, and the attacker most likely used an outdated plugin to gain access.
…
This site went down! twice just recently. Think that I know which pluggin and had already removed it. Using long passwords e.g. a phrase of 20 or more characters, is a sensible and effective security precaution. [ed: Don’t use the same password for all websites. You’re asking for trouble if you use the same password for a news site and your email.] I am pleased with my website host.
15/3/22 Previous strikethrough applied. This follows a migration by my host and subsequent problems contacting support. I expect to be moving to a different host.