I just met Ken Dawes at a WordPress meetup. He’s come up with 10 Steps to WordPress Security Protection:
Scripted websites/blogs using WordPress are becoming more and more common, and as such they are becoming ever more tempting targets for hackers and trashers. It might be something as simple as putting a picture on your site that says “phhpttttt!!! I was here!” Or it might go so far as taking over your site, denying you access to it and then holding your site for ransom. Malicious code can be placed on your site that might infect visitors’ computers and, not the least of your worries, get you banned by the search engines.
WordPress.org does a great job of eliminating potential entryways into the WordPress code with frequent updates. However, it is open-source code and is developed by hundreds if not thousands of people (especially when you consider the myriad of themes and plugins available). Unfortunately, hackers work just as hard to find ways to exploit WordPress any way they can.
What can you do? Link to his article: