Are you running WordPress?

WordPress is a very common platform within the web community; companies, bloggers and hobbyists alike use it because it’s simple to use and manage. That popularity makes it a target for hackers, spammers and generally people who don’t regard websites as private property. There are a number of things these people look for: old versions of the code, plugins with known vulnerabilities and misconfiguration.

To help protect your site, there are a number of steps you can take, and there are sites and tools that check whether you are at risk.

Plugin checkers – are your plugins exposed? This site scans your site to see which plugins it can see. It may only have a scan list of 65 plugins at the moment, but just one plugin with a security flaw may bring your entire site down. If the scan comes back with no plugins found then you’re doing something right. The scan checks for the readme.txt files that belong to the plugins, so the easiest thing is to forbid access to readme.txt files within the site, as they only explain how to install the plugin; really the only txt file that needs to be public is robots.txt. A nice way to block these, if your host provides it, is via .htaccess. Just adding the code below helps towards securing a WordPress site: if an attacker cannot find the plugins installed, they cannot attack them.

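# Apache 2.2-style access rules (Apache 2.4 needs mod_access_compat for these)
# Deny access to .htaccess and any other file whose name contains ".hta"
<Files ~ "^.*\.([Hh][Tt][Aa])">
Order Deny,Allow
Deny from All
Satisfy All
</Files>
# Deny access to every .txt file, which covers the plugin readme.txt files
<Files *.txt>
Order Deny,Allow
Deny from All
</Files>
# Re-allow robots.txt so that crawlers can still read it
<Files robots.txt>
Allow from All
</Files>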
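
To confirm the rules took effect, the script below (an added example, not part of the original post) walks a local copy of your own site's document root, requests every .txt file it finds through the web server, and reports any that are still served, or a robots.txt that ended up blocked. The function names and the two command-line arguments (document root, site URL) are assumptions made for this example.

```python
"""Audit which .txt files under a WordPress docroot are still served publicly."""
import os
import sys
import urllib.error
import urllib.request

ALLOWED = {"robots.txt"}  # the only .txt file name the rules leave public


def txt_paths(docroot):
    """Yield the site-relative URL path of every .txt file on disk."""
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            # Compare case-insensitively so README.TXT is tested as well.
            if name.lower().endswith(".txt"):
                rel = os.path.relpath(os.path.join(folder, name), docroot)
                yield rel.replace(os.sep, "/")


def http_status(url):
    """Return the HTTP status code the server gives for a GET of url."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 403, 404 and so on arrive as exceptions


def audit(docroot, base_url, fetch=http_status):
    """Return (path, status, problem) for every file that behaves unexpectedly."""
    findings = []
    for path in sorted(txt_paths(docroot)):
        status = fetch(base_url.rstrip("/") + "/" + path)
        served = status == 200
        wanted = path.rsplit("/", 1)[-1] in ALLOWED
        if served and not wanted:
            findings.append((path, status, "exposed"))
        elif wanted and not served:
            findings.append((path, status, "blocked"))
    return findings


if __name__ == "__main__":
    # Usage (assumed for this example): audit.py /path/to/docroot https://your.site
    for path, status, problem in audit(sys.argv[1], sys.argv[2]):
        print(f"{problem:8} {status} {path}")
```

An empty result means every plugin readme.txt returned something other than 200 and robots.txt is still reachable.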