I have a habit to check the many sites on the possibility of hacking. More precisely - for its protection. I do not mean that I Cerf Internet in search of vulnerable sites, rather analyze Popeye "arm."
I noticed that many of my readers are strongly neglected the safety of their blogs without making some steps in self defense after WordPress installation or upgrade. This is just massive!
Most crackers (especially students and school children, after watching movies like "Hacker") for breaking a blog on WordPress using the data on its version. Version of the blog you can find a variety of ways.
For example, using the readme.html file and license.txt located in the root of the site.
See for yourself:
I will not give anything away. The most surprising is that many of these webmasters are not the first on the Internet, but can be such a serious error. Guys! Let's Eliminate your vulnerability!
For this you just need to delete the files license.txt readme.html and via FTP to kornevike blog. Most likely it will be a folder sitename / public_html /
To check the availability of your blog on this kind of vulnerabilities enter into your browser address: http://imya_sayta/readme.html
In addition, he wrote his own version WorPress directly in the page code. In the title HEAD.
To clean it out, put this in theme functions functions.php line
'wp_head' , 'wp_generator' ) ; ?> <? Php remove_action ('wp_head', 'wp_generator');?>
Utilities folder of the engine can also be of some danger. An attacker can see which (for example) the plugins you are using and find the "key" to your blog.
Eliminate too easily. Place an empty index.html or index.php file in the folder Site name / wp-admin /, sitename / wp-content /, sitename / wp-includes /. Or do as I do. Put this here is an interesting file . Cool, huh? Download it and use it.
Also recommend you to add to your file. Htaccess, which also lies at the root of the site lines
- Indexes Options All - Indexes RewriteEngine On
This will protect others from viewing your folders strangers.
To check your (or someone else's) blog to enter a vulnerability in the browser address bar etc.
By reading this post, I hope that the authors of the above blogs as an example, has eliminated its vulnerability. The rest I can advise to fix your own.