Finally, installing the clean hacked WordPress site Scan plugin will check most of this for you, and alert you to anything you might have missed. It will also inform you that a user named "admin" exists. That is your administrative user name. If you wish, you can follow a link and find directions for changing that name. I personally believe that a good password is enough protection, and there have been no successful attacks on the numerous sites that I run since I followed those steps.
I protect access to important files on the site's server by putting an index.html file in the particular directory, which hides the files from public view.
One step you can take is to delete the default administrator account. This is important because if you do not do it, malicious users already know a user name that they could try to crack.
Whitelists and blacklists phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
There is. People always know where they can log in, and they could visit your login form and try out different combinations of user accounts and passwords. To stop this from happening, you want to set up Login Lockdown. It's a plugin that only lets users attempt to log in with a password three times. After that, the IP address will be banned from the server for a certain amount of time.