You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
Install the fix wordpress malware plugin Firewall Plugin. This plugin investigates net requests with WordPress-particular heuristics that are straightforward to recognize and stop attacks that are obvious.
No software system is resistant to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, once security holes are found because their products will be fixed by software vendors that are reliable.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it if it can't be found in the root directory. Also, nobody will have the ability to read the file unless they have FTP or pop over here SSH access.
Now we are getting into matters. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
However, I recommend that you set up the Login LockDown plugin in place of any.htaccess controls. From being allowed after three failed login attempts from a certain IP address for an hour, login requests will stop. You can still access your panel while away from your workplace, and yet you have great protection against hackers if you do that.