The downside to the popularity of WordPress is that it has now become a good target for hackers. With each major release of the platform, there are many security fixes that appear after words. While you can’t control the WordPress code, at least most can’t, the one thing you can do is control your blog. There are many things you can do to ensure you blog is as secure as it can be.
Change the administrator ID and password. This should be standard practice regardless of whether it is for a WordPress blog or another item such as a router. Never use the default user ID and password. Always create your own ID with a strong password.
Change your database table prefix. By default, when you create your blog’s database the prefix for all the tables is ‘wp_’. Everyone who has used WordPress knows this, so they would know the structure of your database. By changing this prefix, it makes it harder for others to guess the names of your blog’s database tables.
See document “Editing wp-config.php”
Secure your WordPress installation. How much you want to secure you WordPress directories depends on how much you want to learn. Some steps include preventing directory browsing,and allowing access to specific files and directories from an IP address. Performing a search in Google will yield many results that can walk you through the process step-by-step.
Install a security-checker plugin. There are several plugins that you can install that will check your WordPress installation for any security holes. You don’t need to keep these plugins enabled, but it is good practice to enable once in a while to verify that there are no glaring security issues with your blog.
See : WP Security Scan
Install a backup plugin. It is a good idea to make regular backup copies of your WordPress database, files, and directories. If someone does manage to get into your blog, does some damage to the point where you can’t continue, you can always restore a backup copy and continue within a few hours. There are several plugins that allow you to schedule backups so you don’t have to remember.
See : WP-DB-Backup
While the above list isn’t exhaustive, it provides a good list of items that you can look at when you want to secure your WordPress blog. There is a lot of information online about securing your blog, which you read and learn what works best for you.