WordPress security tips:
* Always keep your WordPress installation and plugins up to date, and apply updates immediately. Many attackers try to take advantage of loopholes in outdated software, so do not hesitate to upgrade WordPress for fear that it will break custom-made themes and plugins. Security should be the top priority. Use only trusted sources for WordPress themes and plugins. Be aware that most of the pretty-looking free WordPress themes may contain malware.
* Use a strong, unique password for each of these: the WordPress admin user, the WordPress MySQL database, the FTP user account and the web hosting control panel user. No two of them should share a password.
These two steps are the most important WordPress security measures as recommended by Matt, the WordPress founder.
* Do not use the default admin user name, “admin”. Delete it. Create more than one admin user, and do not give them the same user names you use everywhere else.
* Use the WP Security Scan plugin and follow its directions. In particular, change the default wp_ prefix for the WordPress tables in the database.
* Back up your database, theme files and uploaded media regularly, so that if something goes wrong not everything is lost and you can restore from the backups.
* The WordPress security whitepaper is a good read. Some of its recommendations are carried out automatically by the WP Security Scan plugin.
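
Several of the tips above can be checked mechanically. The following is an added example, not code from the WP Security Scan plugin or from WordPress: it reads the text of a wp-config.php file and flags the default wp_ table prefix, an administrator named "admin", a single administrator account, and passwords shared between accounts. The function names, account labels and sample values are assumptions made up for the illustration.

```python
import re

# Constructed sample wp-config.php fragment (not taken from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
define( 'DB_USER', 'blog_user' );
define( 'DB_PASSWORD', 'S3cure-db-pass!' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

# Simplification: quoted values containing escaped quotes are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](DB_\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1""", re.M)

def parse_wp_config(text):
    """Return the DB_* constants and table prefix set in wp-config.php text."""
    cfg = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    m = PREFIX_RE.search(text)
    cfg["table_prefix"] = m.group(2) if m else None
    return cfg

def audit(config_text, admin_logins, other_passwords):
    """Check a site against the tips above.

    admin_logins: login names of administrator accounts.
    other_passwords: hypothetical mapping of account label -> password for
    the WordPress admin, FTP and hosting control panel accounts.
    """
    cfg = parse_wp_config(config_text)
    findings = []
    if cfg["table_prefix"] == "wp_":
        findings.append("table prefix is the default wp_")
    if any(name.lower() == "admin" for name in admin_logins):
        findings.append("an administrator is still named 'admin'")
    if len(admin_logins) < 2:
        findings.append("only one administrator account exists")
    # Every account must have its own password, the database one included.
    creds = dict(other_passwords)
    if "DB_PASSWORD" in cfg:
        creds["database"] = cfg["DB_PASSWORD"]
    seen = {}
    for label, password in sorted(creds.items()):
        if password in seen:
            findings.append(f"{label} shares a password with {seen[password]}")
        else:
            seen[password] = label
    return findings
```

An empty list from `audit` means none of these four checks failed; it says nothing about outdated software, untrusted themes or missing backups.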