Year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Installing the fix wordpress malware scanner Scan plugin will check most of this for you, and alert you to anything that you might have missed. It will also tell you that a user named"admin" exists. Of course, that is your user name. If you desire, you can follow a link and find directions for changing that title. I personally think that there is a password good enough security, and because I followed these steps, there have been no successful attacks on the several blogs that I run.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, which hides the files out of public view.
There's discover here a section of config-sample.php that's headed"Authentication Unique Keys." There are four definitions that appear within the block. A hyperlink is within that section of code. You want to enter that link in your browser, copy the contents which you get back, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a good choice.
There is. People always know they could drop by your login form and where they can login and try out a different combination of user accounts and passwords. So as to prevent this from happening you want to install Login Lockdown. It's a plugin that lets users try to login with a wrong password three times. After that the IP address will be banned from the server for a certain timeframe.