1. Upgrade to the newest version of WordPress
I would look up known vulnerabilities in old versions of WordPress.
Then I would scan the web looking for sites that are running an old
version of WordPress that I know has a hole in it. I would automate the
whole process. Once my automated script finds your blog running an old
WordPress version, I would simply drop right in through the hole that
security databases have known about for months or even years.
You can stop me from doing this by
upgrading to the latest version of WordPress which is version 3.2.1 at
the time of this writing.
2. Upgrade all your themes and plugins to their newest versions
In case you’re running the newest WordPress, I would look at your
themes and plugins. I would try to find an old version of a theme with a
known hole in it. Then I would drop right in and have my evil way with
your server.
3. Get rid of the ‘admin’ user
If your WordPress core files, themes and
