I have built some websites on WordPress, and there are some WordPress websites hosted on my domain by my friends. Everything was fine until one day I noticed something strange: I couldn’t save my .htaccess file, as it was always reset. I spent hours trying to fix it, and finally, using WP_Debug = true, I figured out that my files had been compromised. This was the second time this year that this had happened. I am using shared hosting with SiteLock, and all my websites are fully updated; maybe some friends'/clients' sites aren’t. So what’s up with WordPress security?
Still, it is a big concern that a widely used CMS like WordPress has so many security flaws. I know it started as a blogging tool, but nowadays many e-commerce and high-end websites are built on it. The framework has to be strong and resist change, especially wp-includes and wp-admin. There should be some default feature to check the integrity of files in WordPress. Still, since it has large developer groups, I found some security plugins that do the same. I am using Sucuri Security, which checks the folder permissions and file integrity of WordPress.
This plugin has been a bit of help, and I am still looking over the websites daily. I would like to suggest to you all that if you find anything abnormal in WP, there is a high chance that your site has been compromised, so I suggest you delete all folders except wp-content (you can delete the plugin folder if you want) and replace them with new WP folders. Make sure the folder permissions are secure and, finally, do update your site ASAP, as WP has high hack rates. Something has to be done about WordPress security, and I hope the WP Team addresses these issues soon.
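One way to run the integrity check asked for above, and to see what differs before replacing wp-admin and wp-includes with fresh copies, is to hash the live core folders against a clean download of the same WordPress version. This is an added example, not code from this post or from the Sucuri plugin; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # core trees that should match a clean copy


def hash_tree(root, subdirs=CORE_DIRS):
    """Map relative path -> SHA-256 for every file under the core directories."""
    digests = {}
    for sub in subdirs:
        for path in (Path(root) / sub).rglob("*"):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(clean_root, live_root):
    """Return files modified, added or missing relative to the clean copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


def _write(root, rel, data):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(data)


def demo():
    """Build two constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            _write(root, "wp-includes/version.php", "<?php $wp_version = 'x';")
            _write(root, "wp-admin/index.php", "<?php // dashboard")
            _write(root, "wp-includes/load.php", "<?php // loader")
        _write(live, "wp-includes/version.php", "<?php $wp_version = 'x'; // changed")
        _write(live, "wp-admin/cache.php", "<?php // file not in the clean copy")
        (Path(live) / "wp-includes/load.php").unlink()
        return compare(clean, live)


if __name__ == "__main__":
    print(demo())
```

On a real site, call `compare()` with the path to an unpacked clean download and the path to the live install. wp-content is left out because it holds site-specific themes, plugins and uploads that have no clean reference copy in the core download.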