Easily Secure Your WordPress Website
1. Use complex and long passwords that contain upper case letters, lower case letters, special characters, and numbers. Make your passwords at least 20 characters long. I use a password manager that automatically generates secure passwords and keeps track of them. I only need to remember one password to access the password manager. The password manager keeps track of my hundreds of other passwords. Great password managers include LastPass, 1Password, and Password Genie.
2. Create a different password for every account you sign up for. All of your accounts will be compromised when a hack occurs if you use the same password over and over again for every site. Notice that I said “when” and not “if” an attack occurs.
3. Don’t use admin as your WordPress username.
4. Install a WordPress plug-in that limits the number of login attempts allowed by one IP address. The plug-in will block the IP address for a certain amount of time, preventing brute force attacks. Brute force attacks can figure out easy passwords through trial and error. Brute force attacks also waste bandwidth and server CPU time, which can be a big issue on shared hosting accounts. I use Limit Login Attempts.
5. To prevent brute force attacks from trying to log into your admin page, change the name of the wp-login.php file in the root folder of your WordPress installation through an FTP program. Rename the file back to wp-login.php when you need to use the WordPress admin again. Change it back to something else once you are done using the admin.
6. Make sure you stay up to date with security patches for WordPress, your WordPress plug-ins, and other software.
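The per-IP lockout described in step 4, as an added example that is not part of the original article and is not the code of Limit Login Attempts: it replays web server access-log lines and reports which addresses such a policy would have blocked, and for how long. The thresholds, the combined log format, and the sample lines are assumptions; it relies on WordPress answering a failed wp-login.php POST with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article): 4 failures in 5 minutes -> 20 minute block.
MAX_FAILURES = 4
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=20)

# Combined access-log format: ip, two ignored fields, [timestamp], "request", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120'
    for s in (1, 5, 9, 13, 17)
] + [
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.20 - - [10/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

def simulate_lockouts(lines):
    """Replay log lines in order; return {ip: [(block_start, block_end), ...]}."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    blocked_until = {}             # ip -> end of the currently active block
    lockouts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and ts < blocked_until[ip]:
            continue  # inside an active block: the plug-in would refuse this attempt
        if m["status"] != "200":      # 200 = login form shown again, a failed attempt
            if m["status"] == "302":  # redirect = successful login, reset the counter
                failures[ip].clear()
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            blocked_until[ip] = ts + LOCKOUT
            lockouts[ip].append((ts, ts + LOCKOUT))
            recent.clear()
    return dict(lockouts)
```

Calling `simulate_lockouts(SAMPLE_LOG)` shows the first address blocked after its fourth failure, while the second address, which mistyped once and then logged in, is never blocked.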
(The above lock image is from Flickr User Max Klingensmith and is used under the Creative Commons Attribution License)