Wanted to write a quick post today to share with you a simple trick to protect your site from hackers. I recently had a site compromised by leaving the default Twenty Eleven / Ten themes on the site rather than deleting them. Without sharing the exact method, it was clear that if I had deleted those themes after installing my base theme, I would have been able to avoid the attack.
With so many people using pre-built themes (each of course with their own set of vulnerabilities) or people doing custom builds, I really think that WordPress doesn’t need to install a default theme going forward.
Also, as an additional tip, make every file in the installation read-only to further secure your sites.
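Both tips can be scripted. The following is an added example, not code from the original post: it lists and removes theme directories you are not using, then strips write permission from every file and reports how many writable files remain. The WordPress root path and the theme slugs to keep are assumptions you pass in; if the active theme is a child theme, pass its parent as well.

```shell
#!/bin/sh
# Added example. Usage (paths and slugs are placeholders):
#   unused_themes /var/www/site mytheme
#   remove_unused_themes /var/www/site mytheme
#   lock_files /var/www/site && writable_count /var/www/site

# Print every theme directory that is not in the keep list.
# $1 = WordPress root, remaining args = theme slugs to keep.
unused_themes() {
    wp_root=$1; shift
    for dir in "$wp_root"/wp-content/themes/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        keep=no
        for k in "$@"; do
            if [ "$name" = "$k" ]; then keep=yes; fi
        done
        [ "$keep" = yes ] || printf '%s\n' "$name"
    done
}

# Delete the theme directories reported by unused_themes.
remove_unused_themes() {
    wp_root=$1; shift
    unused_themes "$wp_root" "$@" | while IFS= read -r name; do
        rm -rf -- "$wp_root/wp-content/themes/$name"
    done
}

# Remove write permission from every regular file under $1.
lock_files() {
    find "$1" -type f -exec chmod a-w {} +
}

# Count regular files under $1 that owner, group or other can still write.
writable_count() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) |
        wc -l | tr -d ' '
}
```

Core, plugin and theme updates and media uploads need write access, so restore it temporarily (for example `chmod -R u+w`) when you update, then run `lock_files` again.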
Photo credit: Cari McGee