From time to time, someone asks how Weaver handles web security. Weaver and Weaver II share their security code, which has been scrutinized by both the WordPress theme review teams and the Weaver user community. Over time, the developers at WordPress have developed a set of guidelines to make WordPress and WordPress themes as secure as possible. Weaver follows these guidelines and uses the currently known best practices.
To date, there have been no known security breaches via Weaver. But note that WordPress plugins are not subject to the same scrutiny as themes, and there are known breaches via plugins. For example, the old wpweaver.info site was hacked via a problem with the Captcha code used by the Mingle Forum (since corrected).
And how do you know if you have an old-fashioned shared host that could allow that? One symptom is a need to manually change some file permissions to get WordPress to work right. Another is the need to enter an FTP password when you update themes or plugins. But, and this is very important, seeing those symptoms does not necessarily mean you have an issue. IF you are using a shared host, they usually do mean you might have a problem. IF, on the other hand, you are using a VPS or other kind of more “private” hosting, it probably isn’t an issue. The difference is that on a shared host, other accounts could potentially get access to your files. But if you have a private host (e.g., a VPS), then you are the only user with access to your files, and you are not subject to this kind of attack.
And this kind of sharing issue comes only from other users on the same shared host. The likelihood that one of the other users is a hacker is non-zero, but not large.
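Loosening file permissions by hand, the first symptom above, leaves traces on disk that you can check for. The following read-only shell function is an added example, not part of the original article or of Weaver's code; the function name, the finding tags and the choice of these three checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Weaver project): read-only audit of a WordPress
# tree for permissions that let other accounts on a shared host reach it.

# audit_wp_perms DIR  (hypothetical helper name)
# Prints one finding per line as "TAG path". Returns 0 if clean, 1 if any
# finding was printed, 2 if DIR is not a directory.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Anything every account on the server may modify (mode o+w), the
        # usual result of loosening permissions until WordPress works.
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE /'

        # wp-config.php holds the database credentials; flag it when
        # accounts outside its owner and group can read it (mode o+r).
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -0004 -print |
                sed 's/^/CONFIG_WORLD_READABLE /'
        fi

        # Files owned by someone other than the account running the audit
        # suggest PHP runs as a shared user rather than as your own.
        find "$root" ! -user "$(id -u)" -print | sed 's/^/FOREIGN_OWNER /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run it as your own hosting account against the WordPress root. As with the symptoms themselves, findings matter mainly on a shared host, where the "other" permission class covers other customers' accounts.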
So what do you do if you find out you have a host with an insecure file sharing configuration? FIND A NEW HOST! This kind of approach to sharing is inexcusable. It is possible that your host might have different servers that have been upgraded, and you might be able to switch, but don’t stay on these insecure shared hosts.