Because WordPress is so popular, it is regularly targeted by hackers. Even if you upgrade your blog immediately when a new version is released, your site might already have been hacked. Therefore, if there are known WordPress vulnerabilities, old or otherwise, your blog is susceptible to being exploited.
There are two main places for hackers to target on your blog: the files and the database. For them to run arbitrary code on your site (instead of just editing your content, which is mostly in the database) they usually have to hack the files.
(As an aside, for database changes, you could look into the MySQL binary or master logs, although you usually need full access to your server to read these. If you do have full access, you should also look into more intensive protection systems, as suggested by Donncha.)
A lightweight way to be alerted to potential hacks is to get notified whenever a file on your site is changed. Every hour, or more or less frequently depending on your needs, you can run a script (via cron or WP-Crontrol) to e-mail yourself a list of all of the files that have been changed since the last check. (If no files have been changed, no e-mail is sent.) If you or someone else you know was editing the files, you can just continue with your day. However, if unexpected files have been modified, you can investigate further.
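One way to build the hourly check described above, as an added example rather than the script this post refers to: it compares SHA-256 digests against a saved baseline instead of trusting modification times, reports added, modified and deleted files, and sends mail only when something changed. The paths, e-mail addresses and local SMTP relay are assumptions.

```python
import hashlib, json, os, smtplib
from email.message import EmailMessage

def snapshot(root):
    """Map every readable file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
            except OSError:
                continue  # unreadable or vanished mid-scan: left out of the snapshot
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def check(root, state_file):
    """Return the changes since the last run, then save the new baseline."""
    current = snapshot(root)
    try:
        with open(state_file) as fh:
            previous = json.load(fh)
    except FileNotFoundError:
        previous = current  # first run: nothing to compare against yet
    with open(state_file, "w") as fh:
        json.dump(current, fh)
    both = current.keys() & previous.keys()
    return {
        "added": sorted(current.keys() - previous.keys()),
        "modified": sorted(p for p in both if current[p] != previous[p]),
        "deleted": sorted(previous.keys() - current.keys()),
    }

def notify(changes, sender, recipient, smtp_host="localhost"):
    """E-mail the change list; send nothing (return False) when no file changed."""
    lines = [f"{kind}: {path}" for kind, paths in changes.items() for path in paths]
    if not lines:
        return False
    msg = EmailMessage()
    msg["Subject"] = f"{len(lines)} file change(s) detected"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(lines))
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)
    return True

if __name__ == "__main__":
    # Hypothetical paths and addresses. Keep the baseline outside the web root and
    # unwritable by the web server user, so a compromised site cannot rewrite it.
    changes = check("/var/www/html", "/var/lib/wp-filecheck/baseline.json")
    notify(changes, "monitor@example.com", "admin@example.com")
```

Directories that change legitimately, such as uploads and caches, will show up in every report unless you filter them out of the snapshot.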
More information can be found here