Website Security. FTP Security Ideas to make your website harder to hack.
Essentially a weakness occurs in your FTP accounts. The very fact that there is one allows a hacker to find it and use it.
This can occur in two ways.
1) They can packet sniff your use of FTP, decrypt the login and password and use it.
2) They can get hold of it via your web host (having hacked a list of accounts).
Then usually a script is run on a regular basis to re-apply whatever redirects or alterations they want.
For WordPress sites you shouldn’t have that much need for am ftp account. So why have one lying around? Instead just set one up via cpanel or whatever at the time you need it and delete it again when you are done.
It really isn’t that much of an overhead in effort if you are not using FTP frequently (which you shouldn’t need to do as a WordPress site owner).
Other ideas include making a diary note to change the login and password on a regular basis and limiting the scope of the FTP account (to one website for example if your account holds multiple websites).