It’s hard not to laugh at some of the exploit attempts made against this VPS. Since it’s easy to tell that my site runs WordPress, those with nefarious intent probe for ways to access its configuration file. Fortunately, one of the security hardening options WordPress supports is moving
wp-config.php above the web-accessible directory that holds the CMS itself. Alone this isn’t enough, but it’s nice knowing that unsavory individuals are consistently looking for things in the wrong places.