A couple of weeks ago I got an unhappy email from my web hosting provider telling me I was in violation of their Terms of Service. Of course I called them immediately and was told that there was a “phishing page” hidden in one of my web directories. My blog had been hacked, so I immediately started doing some house cleaning.
After the initial once over and deletion of any suspicious files I went looking for advice on how to “harden my installation”. Here’s what I found:
- Wordpress.org Codex Hardening Wordpress - Lots of good information here on hardening Wordpress including a general overview of Wordpress security considerations.