[_ck_]

It’s kind of hilarious they have blocked ftp yet template upload and edits via php can completely open your system to security vulnerabilites. We’re still trying to figure it out but I have a strong suspicion of the WordPress theme-editor.php causing a large number of WordPress sites to get compromised recently:

babloo/blyat spammer attack on many WordPress blogs

The day bbPress gets a built in theme-editor, delete the file immediately.

Also delete xmlrpc.php unless you absolutely need trackbacks/pings.

And never, ever, use a dictionary word within a WordPress password as there’s no limit on login attempts.