How to Secure Your WordPress Site
1. Keep WordPress core updated
The best way to keep your WordPress site secure is to keep WordPress core updated.
2. Don’t Use “admin” as your username.
If your WordPress login is “admin”, this has to be changed. “admin” is the default username, so attackers try it first. By not using this default, you make a brute-force attack much harder: now they have to guess the username AND the password.
3. Disable code file editing via dashboard
Placing this line:
define('DISALLOW_FILE_EDIT', true);
in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities from all users, so the theme and plugin code editors disappear from the dashboard.
4. Don’t use the “wp_” prefix for your database tables.
If your database tables are prefixed with “wp_”, a skilled developer can change this to a custom prefix.
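A small audit script for points 3 and 4, added here as an example and not part of the original post: it reads a wp-config.php and reports whether DISALLOW_FILE_EDIT is missing, set to false, or placed below the `/* That's all, stop editing! */` marker (WordPress's documented placement for custom constants is above it), and whether $table_prefix is still the default “wp_”. The SAMPLE_CONFIG fragment is constructed for the demonstration.

```python
import re
import sys

# Constructed wp-config.php fragment used when no file path is given.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'example_db');
$table_prefix = 'wp_';
define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""

STOP_MARKER = "That's all, stop editing!"
# Matches define('DISALLOW_FILE_EDIT', true) with either quote style and loose spacing.
DEFINE_RE = re.compile(
    r"""define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(true|false)\s*\)""", re.I)
# Matches the $table_prefix = 'xyz_'; assignment.
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([A-Za-z0-9_]*)['"]\s*;""")


def audit_wp_config(text):
    """Return a list of findings (empty list means both checks pass)."""
    findings = []
    stop_at = text.find(STOP_MARKER)  # -1 if the marker line was removed

    m = DEFINE_RE.search(text)
    if m is None:
        findings.append("DISALLOW_FILE_EDIT is not defined: dashboard file editing is enabled")
    elif m.group(1).lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is defined but set to false")
    elif stop_at != -1 and m.start() > stop_at:
        findings.append("DISALLOW_FILE_EDIT is defined after the 'stop editing' marker; move it above")

    p = PREFIX_RE.search(text)
    if p is None:
        findings.append("no $table_prefix assignment found")
    elif p.group(1) == "wp_":
        findings.append("database tables use the default 'wp_' prefix")
    return findings


if __name__ == "__main__":
    # Usage: python audit.py /path/to/wp-config.php (falls back to the sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_CONFIG
    for line in audit_wp_config(source) or ["no findings"]:
        print(line)
```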
5. Keep Themes and Plugins updated
And remove those you no longer use. The reason is that some themes and plugins bundle scripts that have security holes, and an inactive but installed plugin is still reachable on the server. (The TimThumb script, for example, was one.)