You could do a scan with this: http://wordpress.org/plugins/exploit-scanner/ download from: http://downloads.wordpress.org/plugin/exploit-scanner.1.3.3.zip
check also on the server: open mysql MySQL (unauthorized)

Server should be hardened not to be so loud with header info (attackers get far too much info that way):

  1. Server: Apache/2.2.22 (@RELEASE@)

  2. X-Powered-By: PHP/5.3.3
    It looks like 2 cookies are being set without the “HttpOnly” flag being set (name : value):

  3. woocommerce_items_in_cart : 0

  4. woocommerce_cart_hash : 0

How to do this, you could read here: http://www.shanison.com/2012/07/05/unset-apache-response-header-protect-your-server-information/
link article from Shanison software engineer…

polonus