This document discusses hardening WordPress sites to prevent hacking. It defines hardening as securing a system to reduce vulnerabilities from illegal access. It identifies common attack vectors like XSS and SQL injection. It recommends keeping plugins updated, not using plugins from untrusted sources, and scanning sites for vulnerabilities. Quick hardening tips include restricting PHP execution in uploads, securing wp-config.php, and using security plugins. It also demonstrates how a vulnerable WordPress plugin could allow execution of system commands and obtaining a remote shell.