A nasty hacker has taught a lesson to research scientist David Pennock. The lesson is that our WordPress blogs are not secure, and we should be pro-active in reinforcing their line of defense. David Pennock’s post describing how his blog was hacked is worth reading if you own a self-hosted WordPress blog. Here are the external links he points to:
- WordPress, remv.php and you
- 3 must apply security tips for WordPress
- Hardening WordPress
- 5 plugins to keep WordPress secure
- Anatomy of a WordPress hack (â€The kicker? All these sites were on Dreamhost.â€)
- Did your WordPress site get hacked?
- DreamHost: Troubleshooting hacked sites
- Dealing with a hacker on DreamHost
- Docs on WordPress feeds
- AskApache plugin to display all the internal WordPress URL rewrite rules (example use) (I couldn’t discern how to interpret the output)
- WordPress exploit scanner plugin (I didn’t use after this question spooked me)
- Secure WordPress plugin
- AskApache password protect plugin
There is one thing that our Yahoo! fanboy (who is now a “rock star” in India) didn’t tell his readers, though. Google Webmaster Tool is a great way to:
- get warned about whether your site is vulnerable to hacking;
- tell you the problems Google encountered when spidering your site;
- re-include your site in the Google index after your blog has been hacked and you’ve cleaned it to the bones;
- and the cherry on the cake is that Google Webmaster Tool will store the warning messages for you even if you’re not yet registered with them.
Our Yahoo! fanboy will never tell his readers that Yahoo! Site Explorer is much, much inferior to Google Webmaster Tool. Only Midas Oracle tells you the truth, folks. 
FYI I just signed up for Google Webmaster Tool.
And have you found out a message telling you your blog was vulnerable to hacking (a message dated from before you registration)?