There is a security update for self-hosted WordPress sites that you need to install. It is numbered 3.4.1 and it contains security updates.
- Back up your site.
- Run the update.
- Update your BPS Security installation, or update whatever site security softwear you use. You may have to create new, updated .hta accesss files. Then you will have to reactivate the BPS coverage of them.
I have invested too much of my soul into my writing to risk losing all those captured thoughts, or allowing someone else to control them. I also wanted to host my own images for the same reasons.
Wordpress was the logical choice for me. I will admit that at first I did not understand what a huge security risk I was taking with this step. Live and learn. I learned a great deal about the real differences between a url, a domain, a site, a host, the site software, intellectual property, and a huge amount of other information about how I put my thoughts out on the web.
Because I had next to no funds to pay someone else to create and maintain sites for me, when I first started doing this,I learned how to do it myself.
I’m continuing to learn how to do as much as I can for myself. I have played aroud with Drupal CMS (content management system) sites in the past and will eventually use Drupal for some of my sites. But some of my main strengths are my skepticism and my DIY attitude. So I am not apt to give in and 1) believe everything I’m told, and 2) allow anyone else to do for me what I cannot do for myself.
One of my friends simply delights in telling WordPress users that something like, he says, 87% of WordPress sites are infected with malware. I say, that may be true, but 50% of those sites have taken absolutely no steps toward securing their site.
Get http://www.akismet.com to stop spam comments. Require that people leaving comments prove they are human the first time they leave a comment by having to fill out name and website; this is an option under the discussion settings on your dashboard.
And MOST IMPORTANTLY of all, make sure that your cpanel settings, through which you access your hosting services, have anonymous ftp disabled. You do not want to allow anonymous access through which someone could upload files, malware, and all sorts of nefarious software onto your server. Seriously, if you don’t know how to do this, or how to find out whether it is enabled, talk to your hosting company or the person or company you use to maintain your WordPress site and make sure anonymous ftp access to your server is disabled.
Don’t be freaked out, just start doing and eventually it all falls into place.