Installing the fix wordpress malware fix Scan plugin will check most of this for you, and alert you that you may have missed. Additionally, it will inform you that a user named"admin" exists. That is the user name. If you desire, you can follow a link and find directions for changing that title. I think that there is a strong password good enough security, and since I followed those steps, there have been no attacks on the several blogs that I run.
Don't depend on your Web host - Many people rely on their web host to"do all that technical stuff for me", not realizing that sometimes, they don't! Far better to have the responsibility lie instead of out.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in the main directory. Additionally, pop over to these guys nobody will have the ability to read the file unless they have SSH or FTP access.
Another step to take to make WordPress secure is to always upgrade WordPress. The see it here main reason for this is that with every update there come fixes for security holes that are old which makes it essential to update early.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. Login requests will stop from being allowed from a specific IP address for one hour after three unsuccessful login attempts. If you do so, you can access your admin panel while away from your workplace, and yet you have good protection against hackers.