How to Secure Your WordPress Site
1. Keep WordPress core updated
The best way to keep your WordPress secured is to keep your WordPress updated.
2. Don’t Use “admin” as your username.
If your wordpress login is “admin”, this got to be changed. “admin” is the default username. But not using this default, you make it way harder for them to do a brute force attack. Now they have to guess the username AND the password.
3. Disable code file editing via dashboard
Placing this line ….
in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users.
4. Don’t use the “wp_” prefix for your database tables.
If your database table are prefixed with “wp_”, this can be changed by a skilled developer.