Quote:
Originally Posted by pr0
Everything said in this post is helpful. But just to follow up on it......
But let me stress yet once again........on top of spending thousands of dollars/hours tightening up scripts
When using 3rd party applications, change common file names & "footprints" for the script (searchable in the major engines). The less your site can be found by exploit scanners, the less likely you are to be hacked. P.S. Renaming the files will result in no real adverse effects in your SE rankings.
For instance, hackers will have a program submit the following to Google in several formats....
powered by WordPress
Entries (RSS) and Comments (RSS).
or look for /wp-admin/ directories by IP subnets, well known to be owned by hosting companies......simply changing mundane file structures & footprints will leave you 100x less likely to have your blog (for example) scanned every time a new 0-day exploit hits
so yes...tighten your scripts, consult a security expert, BUT ALSO learn to hide subtle indicators hackers use to find your site in the first place...typically site pwnage/blog spam etc. comes directly from a simple mass Google lookup......sometimes simplicity beats over-thinking security
finally if you've been with your host for a few years & you're about to start a new site, ask them if they've obtained a new IP block recently, see if you can get 1 or 2 of the new stock for your newest sites
I agree definitely with the theory but see a problem with that advice; a lot of people here, if they are not experienced programmers, will end up just breaking things.
For example, let's say they rename many common page names. Sometimes, they have to find and replace certain variables in the DB, not just grep through the code to replace them. Not to mention, if they try and use additional modules or plugins, those may no longer work without modifying that code...and so on.
For those who know what they are doing, or have access to someone who does, it is a great suggestion. For the rest, I think it will end up being a problem for them to achieve.
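
One way to check your own pages for the footprints listed in the quoted post, before and after any renaming (an added example, not part of either post). The sample HTML is constructed, and the generator meta tag check is an addition that the post does not name.

```python
from html.parser import HTMLParser

# Footprints named in the quoted post; matched case-insensitively.
TEXT_FOOTPRINTS = ["powered by wordpress", "entries (rss)", "comments (rss)"]
PATH_FOOTPRINTS = ["/wp-admin/"]

class FootprintAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1  # ignore text that is never rendered
        a = {k: (v or "") for k, v in attrs}
        # Addition beyond the post: the generator meta tag also names the software.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("meta-generator", a.get("content", ""), "<meta>"))
        for name in ("href", "src", "action"):
            for fp in PATH_FOOTPRINTS:
                if fp in a.get(name, "").lower():
                    self.findings.append(("path", fp, f"<{tag} {name}>"))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self._text.append(data)

    def close(self):
        super().close()
        # Join text split across tags ("powered by <a>WordPress</a>") before matching.
        text = " ".join(" ".join(self._text).split()).lower()
        self.findings += [("text", fp, "visible text") for fp in TEXT_FOOTPRINTS if fp in text]

def audit(html):
    parser = FootprintAudit()
    parser.feed(html)
    parser.close()
    return parser.findings  # list of (kind, footprint, context)

# Constructed sample pages: a default-looking theme and one with the markers removed.
SAMPLE_DEFAULT = ('<head><meta name="generator" content="WordPress"></head>'
                  '<form action="/wp-admin/admin-post.php"></form>'
                  '<p>Example Blog is proudly powered by <a href="https://wordpress.org/">WordPress</a>. '
                  '<a href="/feed/">Entries (RSS)</a> and <a href="/comments/feed/">Comments (RSS)</a>.</p>')
SAMPLE_CLEANED = '<form action="/manage/post.php"></form><p>Example Blog. <a href="/feed/">Feed</a></p>'
```

Run `audit()` over the saved HTML of each page template after every theme or plugin change, since an update can put the default strings back.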
