You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
The fix malware problems free Codex has an outline of what permissions are acceptable. File and directory permissions can be changed via an FTP client or within the page from the hosting company.
I might find it a little harder to crack your password, if you're one of the ones that are proactive. But if you're among those reactive ones, I might just get you.
Exploit Scanner goes through the files on your website database, comment and place tables in search of anything suspicious. You are also notified by it for plugin names. It does not remove anything, it warns you.
It's really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money into the war chests. Balderdash.
There is another problem you have with WordPress. People always know where they can login and they could just drop by with your login form and try a different combination of passwords and user accounts out. So as to stop this from happening you need to install Login Lockdown. It's a plugin that allows users to attempt and login with a wrong password three times. After that the IP address will be banned from the server for Clicking Here a certain amount of time.