It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins. How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?
Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it. Eg. change your........