SECURITY

Check for vulnerabilities
owncloud:
https://owncloud.org/security/
https://hackerone.com/owncloud
http://www.cvedetails.com/vulnerability-list/vendor_id-11929/Owncloud.htm
wordpress:
http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/

  1. no user named "admin", no domain name as user (also for db and ftp)
  2. site always up to date
  3. check that comments are closed and user registration is closed
  4. no login in wp-admin
  5. captcha on the login page / no brute force
  6. ip list for bots
  7. https on login
  8. rewrite rule to 404 for admin area
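
A way to check item 1 across WordPress, db and ftp accounts. This is an added example, not part of the original notes; the function names, the sample domain and the sample accounts are constructed for illustration.

```python
import re

# Generic name the checklist rules out (item 1); extend as needed.
GENERIC_NAMES = {"admin"}


def squash(text):
    """Lower-case and keep only letters and digits: 'My-Site' -> 'mysite'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def domain_tokens(domain):
    """Names derivable from the domain: whole host and first label."""
    host = domain.lower().strip().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return {t for t in (squash(host), squash(host.split(".")[0])) if t}


def audit_usernames(accounts, domain):
    """accounts: iterable of (service, username) -> list of findings."""
    tokens = domain_tokens(domain)
    findings = []
    for service, username in accounts:
        full = squash(username)
        # Also test the name without trailing digits, so 'admin1' is caught.
        forms = {full, full.rstrip("0123456789")} - {""}
        if forms & GENERIC_NAMES:
            findings.append((service, username, "generic admin name"))
        elif forms & tokens:
            findings.append((service, username, "derived from domain name"))
    return findings


# Constructed sample data: hypothetical site and accounts.
SAMPLE_DOMAIN = "www.my-site.example"
SAMPLE_ACCOUNTS = [
    ("wordpress", "Admin1"),
    ("wordpress", "k.rossi"),
    ("db", "mysite_example"),
    ("ftp", "my-site"),
]

if __name__ == "__main__":
    for finding in audit_usernames(SAMPLE_ACCOUNTS, SAMPLE_DOMAIN):
        print(finding)
```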

 
WP-PLUGIN:
-Anti-Malware and Brute-Force Security by ELI
-iThemes Security (cloud solution, rather invasive)
-Sucuri (?!?! not updated)