WordPress.com was hacked yesterday; see http://en.blog.wordpress.com/2011/04/13/security/. The IRS had a hacked website last week. Almost every site can be hacked given sufficient resources, especially when you do not have full control of every element.
I do what I can. I don’t use a back-end database to avoid cross-site scripting attacks, and much of my site is boring and hand coded. I have no advertising, as this is a gateway for malware. But I host my system commercially, and use commercial software. My host could be hacked. WordPress could be vulnerable.
You can get exposed to malware even from legitimate sites. What can you do?
- Run your browser sandboxed – I am using Chrome which has its own sandbox
- Do not use an admin account for day-to-day work
- Don’t turn off UAC for Windows 7, even if it annoys you.
- Secunia PSI can help you stay current.
- Keep a backup of your important files
- Use a password keeper that generates random passwords. I use KeePass
- Opt out of having a site keep your credit card where you can. I have had two replacement credit cards from online vendor hacks