Inclusion - include extra files Remote File Execution - like RFI may send data else where or inject another server script from remote source Brute Force / Data Dictionary - constantly hitting / DB of common words / phrases
site in a separate DB with separate user 3. Only give permissions that are actually need to mysql user 4. Make sure file permissions are correct 755 directories - find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \; 644 files - find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
wordpress will automatically look one directory up 2. Generate Fresh Auth Keys and Salts 3. Do not use “wp_” as the table prefix, make it random $table_prefix = 'icn_'; 4. Disable File editing define(‘DISALLOW_FILE_EDIT’, true);
for extra security) 2. Limit login attempts 3. Keep everything up to date 4. Keep permissions slim 5. Use a security plugin (iTheme Security) 6. Remove unused plugins and themes