Two Decent Ways to Protect Your WordPress Site
Protect Your WordPress Files and Database from Scripts
There are people who have nothing better to do with their time than go and try to break into WordPress pages and cause havoc. Here are two real easy ways of protecting your sites other than making a real difficult password.
1. Do not use the default name admin. The easiest way for someone to guess your password is to use a script that uses admin as the default administrative login name. Simply use another name. If you already have admin used then you can create a new administrator then take away the admin rights. I also use a tool to tell me how many times my site gets hit per day by people trying to use admin to login. I was shocked when I first read the report.
2. All database tables in WordPress have a naming scheme which makes it easy for scripts to alter the database through either mysql or php. When you’re configuring the wp-config.php file change the database prefix to something a little different than wp_ this will throw off the scripts looking for the default WordPress schema and throw them off their tracks.
There are other ways of protecting WordPress such as using htaccess to block certain countries or IPs from visiting your site. Of course then you take the risk of users from these sites not seeing your content, but if you will notice there are two very big countries who try to hack all the time or put irrelevant comments in your site and they usually come from very distinct blocks of IP addresses. If these are blocked then the problem is solved almost immediately.
There are many other ways of protecting your site, but these are probably the easiest and fastest to implement. It will save you hours of rebuilding your site.