Re: THEME UPLOADER?
It’s kind of hilarious they have blocked ftp yet template upload and edits via php can completely open your system to security vulnerabilites. We’re still trying to figure it out but I have a strong suspicion of the WordPress
theme-editor.php causing a large number of WordPress sites to get compromised recently:
babloo/blyat spammer attack on many WordPress blogs
The day bbPress gets a built in theme-editor, delete the file immediately.
Also delete xmlrpc.php unless you absolutely need trackbacks/pings.
And never, ever, use a dictionary word within a WordPress password as there’s no limit on login attempts.