This blog was hacked into, briefly, yesterday morning; little harm was done.
It’s important to plug vulnerabilities, which can exist in themes or plugins, older versions of WordPress, or improper configurations. My mistake may have been in being careless about updating my application and plugins.
Another possible vulnerability was the Democracy plugin. It enables you to host polls via WordPress. But because it in effect gives users a degree of writing permission, it opens a little gate that might be exploited. It’s cool, but I never used it much, and I’ve deactivated Democracy on all my blogs. If I need to run a poll I’ll just host it offsite, like B in the D. I also followed Matt Cutts’s advice and created a blank index file for the plugins directory so as not to leak information about the plugins that are active.
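The blank-index step can be checked and applied across the whole plugins tree, since each plugin's own subdirectory can be listed the same way. This is an added example, not code from the original post; the function name `audit_indexes` is hypothetical, and `wp-content/plugins` is assumed to be the standard WordPress plugins path.

```shell
#!/bin/sh
# Added example: report (and optionally fix) directories that have no index
# file and would therefore show a file listing if the web server has
# directory indexing enabled.
#
# Usage: audit_indexes ROOT         report directories without an index file
#        audit_indexes ROOT fix     also create an empty index.html in each
audit_indexes() {
    # find hands directory names straight to the inner shell as arguments,
    # so names containing spaces or newlines are handled correctly.
    find "$1" -type d -exec sh -c '
        mode=$1; shift
        for d in "$@"; do
            # Any of these counts as an index file for common server configs.
            if [ -e "$d/index.php" ] || [ -e "$d/index.html" ] || [ -e "$d/index.htm" ]; then
                continue
            fi
            printf "%s\n" "$d"
            if [ "$mode" = fix ]; then
                # noclobber (set -C) refuses to overwrite an existing file.
                ( set -C; : > "$d/index.html" ) 2>/dev/null ||
                    printf "could not create index in %s\n" "$d" >&2
            fi
        done' sh "${2:-report}" {} +
}

# Run only when called with arguments, e.g.:
#   sh audit_indexes.sh /var/www/blog/wp-content/plugins fix
if [ "$#" -gt 0 ]; then
    audit_indexes "$@"
fi
```

A blank index file only hides the listing; a plugin's files can still be requested by anyone who already knows their path. On Apache, `Options -Indexes` in `.htaccess` turns listings off at the server level.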
Here are some helpful links:
- Three tips to protect your WordPress installation
- WordPress Scanner
- WordPress security plugins
- Hardening WordPress with .htaccess
I might not have this absolutely clamped down yet, but it’s certainly tighter than it was.