Protecting your Wordpress site from a malicious attack by using an .htaccess file in your upload folder. When uploading pictures to your Wordpress site, your host may require you to set the permissions of the upload folder to 775 or even 777. A permission of 777 gives everyone read, write and execute privileges on that folder. This is very dangerous and can give hackers the ability to access your site and server via this wide open folder. One way to minimize your exposure is to add an .htaccess file to the folder with the following code. http://www.trafficisgold.com/2009/09/..
. This will allow only certain files to be uploaded to this folder and deny all others, most importantly files that contain scripts. Word of caution: No site is 100% safe. If a hacker wants into your site bad enough they probably can find a way.