Finally, installing the secure your wordpress site Scan plugin will check all this for you, and alert you that you might have missed. It will also inform you that a user named"admin" exists. Needless to say, that is the user name. If you wish, you can follow a link and find directions for changing that title. I personally believe that a password article is good enough security, and there have been no successful attacks on the sites that I run because I followed these steps.
A simple way is to use a few built-in tools. First of all, do not allow people run a web host security scan, to list the files in your folders and automatically backup your web hosting account.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it can't be found in the root directory. Also, nobody will have the ability try this website to read the file unless they have SSH or FTP access to your server.
Upgrade now if you're not running the latest version of WordPress. Like maintaining your door unlocked when you leave for vacation, leaving your site in an old version is.
However, I advise that you install blog here the Login LockDown plugin instead of any.htaccess controls. From being permitted after three failed login attempts from a certain IP address for one hour, login requests will stop. If you do so, you can access your panel whilst away from your office, and yet you have protection against hackers.