WordPress Security Explore
To see whether a user can be registered:
http://domain.com/wp-login.php?action=register
Get WordPress version
Read the HTML source; you will find this line:
<meta content="WordPress 2.6" name="generator">
This can be prevented by adding this line to the WordPress theme before wp_head:
remove_action('wp_head', 'wp_generator');
wp_head();
There is another way to get the WordPress version, from the RSS feed:
http://domain.com/?feed=rss2
View the XML source and you will find this information:
<!-- generator="wordpress/2.2.1 DE-Edition" -->
......
<generator>http://wordpress.org/?v=2.2.1</generator>
Get installed plugins
Going to this URL lists all installed plugins:
http://domain.com/wp-content/plugins/
Prevent it:
Add this line to .htaccess:
Options -Indexes
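To confirm on your own site that the mitigations above took effect, the three responses (homepage HTML, RSS feed, plugins directory) can be checked as in this added example, which is not code from the original page. The function names and sample responses are constructed for illustration; the "Index of /" title check assumes Apache's default auto-index page.

```python
import re

# Version as it appears in "WordPress 2.6", "wordpress/2.2.1" or "?v=2.2.1".
VERSION_RE = re.compile(r'(?:wordpress[ /]|[?&]v=)(\d+(?:\.\d+)+)', re.I)
FEED_GEN_RE = re.compile(r'<!--\s*generator="[^"]*"|<generator>[^<]*</generator>', re.I)

def html_generator_version(html):
    """Version leaked by a <meta name="generator"> tag, or None."""
    for tag in re.findall(r'<meta\b[^>]*>', html, re.I):
        if re.search(r'name\s*=\s*["\']generator["\']', tag, re.I):
            m = VERSION_RE.search(tag)
            if m:
                return m.group(1)
    return None

def feed_generator_version(feed_xml):
    """Version leaked by the feed's generator comment or element, or None."""
    for chunk in FEED_GEN_RE.findall(feed_xml):
        m = VERSION_RE.search(chunk)
        if m:
            return m.group(1)
    return None

def listing_exposed(status, body):
    """True if the response looks like an auto-generated directory index."""
    return status == 200 and re.search(r'<title>\s*Index of /', body, re.I) is not None

def audit(home_html, feed_xml, plugins_status, plugins_body):
    """Return a list of findings for one site's three responses."""
    findings = []
    v = html_generator_version(home_html)
    if v:
        findings.append("homepage generator meta tag leaks version " + v)
    v = feed_generator_version(feed_xml)
    if v:
        findings.append("feed generator leaks version " + v)
    if listing_exposed(plugins_status, plugins_body):
        findings.append("wp-content/plugins/ directory listing is enabled")
    return findings

# Constructed sample responses (not captured from a real site).
LEAKY_HOME = '<head><meta content="WordPress 2.6" name="generator"></head>'
CLEAN_HOME = '<head><title>Blog</title></head>'
LEAKY_FEED = ('<rss><!-- generator="wordpress/2.2.1 DE-Edition" -->'
              '<channel><generator>http://wordpress.org/?v=2.2.1</generator></channel></rss>')
LEAKY_INDEX = '<html><head><title>Index of /wp-content/plugins</title></head></html>'

if __name__ == "__main__":
    for line in audit(LEAKY_HOME, LEAKY_FEED, 200, LEAKY_INDEX):
        print(line)
```

Removing wp_generator from wp_head only changes the HTML head, so check the feed separately: a site with a clean homepage can still report a feed finding.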
Running Arbitrary PHP Code
The theme's PHP code can be changed from wp-admin -> Appearance -> Editor
Prevent it:
chmod -R o-w wp-includes