Internet marketers create websites and blogs to provide their products and services. Basically, their main goal is to earn money. This is the main reason why most of the web site owners only concentrate on the website's rank as well as the design and its contents. Well, users don't really care apart from the design and the contents of your website. They will not even care about the security of your blog or website. But by making a website even if security isn't your primary concern, it has to be your top priority.
The secure your wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the administrative page from the web host.
Don't make the mistake of thinking that your web host will have your back as far as WordPress copies go. Not always. It has been my experience that the hosting company may or might not be read the article doing proper backups, while they say that they do. Why take that kind of chance?
Exploit Scanner goes through the files on your site database, comment and place tables seeking anything suspicious. It also notifies you for plugin names. It does not remove anything, it warns you for potential threats.
It is really sexy to fan the flames of fear. That's what click site bloggers and journalists and politicians and public figures mostly do. It's terrific for readership and it brings money into the war chests. Balderdash.
There is another problem you have with WordPress. People always know where they can login and they also could visit with your login form and try a different combination of user accounts and passwords out. In order to stop this from happening you need to set up Login Lockdown. It's a plugin that allows users to attempt to login with a password three times. After that the IP address will be banned from the server for a certain timeframe.