Keep it and all plug-ins updated, and that should keep you free of 99% of issues.
Every script or extra thing you add to it only makes it weaker. Wordpress as a community is pretty on top of anything that happens to the code or exploits.
When you see the notice to update, check all your blogs and update them.
LinkSpun - Premier Adult Link Trading Community - ICQ - 464/\281/\250 Be Seen By New Webmasters/Affiliates * Target out webmasters/affiliates based on niches your sites are for less than $20 a month. AmeriNOC - Proudly hosted @ AmeriNOC!
I know of one exploit, but haven't reported it quite yet.
A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that wordpress can't really fix, other than having a database of clean themes with a md4 hash.
I know of one exploit, but haven't reported it quite yet.
A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that wordpress can't really fix, other than having a database of clean themes with a md4 hash.
I knew about that, but its a joke. Took me less than 5 minutes to trick it with some known theme exploits.
well, nothing id going to top going through each .php file manually, but this works quite well as is for catching most embedded code in wordpress themes that i've come across thus far...
Protect wp-login.php with htaccess, so only your IP can access it.. Increases the security alot. And of course, take all the steps mentioned in this thread
Comment