Posted on his blog back in Jan but still good advice.
I would add
Get themes only from authors site
Keep plugins up to date
Get plugins from reliable sources
Anyone have any others?
I don't know about limiting by IP since just looking, for example, at my profile in WebmasterWorld, there are a lot of IPs there. If you're connecting over a regular DSL connection, your IP probably changes a lot.
The WP Codex has some tips too:
[codex.wordpress.org...]
IF I follow the advice outlined in this thread, including following the steps outlined in the linked-to or referenced material, will my WP site still be an easy target for hackers to penetrate?
If "yes" then what more ought to be done? (I assume if you know that WP - even with the latest "security patch" - can be hacked then you must know "how" it can be hacked.)
If "yes" then what, exactly, are examples of the "known but not fixed vulnerabilities"?
Is WP, patched and up to date, secure or not? If not, then what more needs to be done to lock it down?
And please don't answer by stating that the answer to WP security is "don't use it". If you're so cocksure it's vulnerable then state the vulnerability.
Otherwise your "it's easy to hack" cockiness will be deemed to be flaccid cockiness. ;-P
[edited by: Webwork at 4:38 pm (utc) on May 2, 2008]
The other Matt (Mullenweg) claims that almost all WordPress installs that get hacked are out of date. I don't want to debate the truth or falsity of that. Instead, I'll let you read what Matt and Lorelle (perhaps the #1 WP blogger) have to say on it:
Matt Mullenweg claims WP is secure if kept up to date [ma.tt]
Lorelle adds to what Matt says [lorelle.wordpress.com]
These are long articles, so let me give you one takeaway: Matt gives a few methods to keep a WP install up to date and says it should take less than five mins. I recently tested the Semi-Automatic Update Wizard thingie and, yes, it takes less than five minutes.