Recently I had a WordPress site for a friend. He never installed it, and someone installed it and uploaded a file that gave them access to my server.
The server wasn't really important, hence me being sort of lax with the security, but it got me thinking about how I could better secure WordPress installations on personal servers.
I was thinking I could either move the uploads directory outside of the web root, or maybe configure Apache or some settings so that PHP files won't run.
I'm not going to post this on Stack Overflow because it's sort of discussion based. So any help would be appreciated.
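
The second option raised in the post, stopping PHP from running in the uploads directory, can be sketched as Apache configuration. This is an added example, not the poster's configuration; it assumes Apache 2.4 and a hypothetical install path of `/var/www/example`, and it belongs in the server or virtual-host config rather than in an `.htaccess` file.

```apache
# Added example. The path below is an assumed install location; adjust it.
<Directory "/var/www/example/wp-content/uploads">
    # Ignore any .htaccess placed inside uploads, so an uploaded file
    # cannot switch handlers back on for this tree.
    AllowOverride None

    # No CGI execution, no server-side includes, no directory listings.
    Options -ExecCGI -Includes -Indexes

    # If PHP runs as an Apache module, turn the engine off here.
    # php_admin_flag cannot be overridden from .htaccess or ini_set().
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>
    <IfModule mod_php7.c>
        php_admin_flag engine off
    </IfModule>

    # Independent of how PHP is wired in (module or PHP-FPM via proxy):
    # refuse to serve anything with a script-like extension, including
    # double extensions such as "image.php.jpg".
    <FilesMatch "(?i)\.(php\d?|phtml|phar|pht)(\.|$)">
        Require all denied
    </FilesMatch>
</Directory>
```

After reloading Apache, a request for a test `.php` file placed in the uploads directory should return 403 instead of executing.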