Theme security for a WordPress site

It is a fact of life on the Internet that hackers are roaming continuously in search for a chance to apply their knowledge to abuse your web site. Recently, I had the occasion of noticing an opportunity that I should not have let happening on Roumazeilles.net

My web site is using WordPress as the “engine” to build a convenient and efficient site. WordPress happens to be using “themes” to appropriately display the contents (that is what is differentiating each WP website from the others). This capacity has helped develop a thriving community of themes, some being free, some being purchased.

The main trouble is that themes like any other piece of software are susceptible to bugs and could be exploited by hackers. I recently noticed that my (previous) theme was clearly outdated (not updated in the last 24 months) and including some known security issues leaving it open to abuse.

Lesson learned: Do not use any piece of software (including a WP theme) if it is not actively supported.

Application: I decided to drop the free (and unsafe) theme I was using. I swithed other to one of the “official” themes from WordPress.org. And I am learning to configure it properly. Hence the changes you can currently observe.