One of my wordpress blog hacked, which hosting in a offshore server. i got a mail from host which is given below. First of all sorry for inconvenience caused, in last 2 days. PROBLEM : Some of the sites using wordpress, drupal, typo or other 3 part scripts has some files or folders that has full permissions. Hacker can easily hack these sites. Solutions : - change your cpanel & FTP password (should be combination of words, numbers & special characters.). - check your & your clients public_html folders, and remove files which are not uploaded by you or your clients. - IMP - check files & folders permissions it should not be full writable (777 or rwxrwxrwx). http://www.elated.com/articles/understanding-permissions/ - upgrade all their 3rd party PHP scripts to the latest stable/secure versions. FTP connection will start working in next 1-2 hours. Thanks for your kind cooperation. How can i avoid this? i have confusion with chmod in wp blog? can anyone advice me suitable chmod for wp blog files ?