Securing Your WordPress Site
WordPress Dashboard Protection
There are regular login attacks on WordPress installations. It’s good practice to use a custom username and complex password for your WordPress administrator account.
It’s also helpful to use a login protection plugin such as WordFence or BruteProtect to reduce login vulnerabilities. If you use WordFence with W3TC, disable its Falcon caching.
Hardening WordPress
The WordPress codex has an excellent guide to securing your WordPress site. If you’re self-hosting, be sure to run their file permission scripts:
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \; find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
You’ll also want to review my guide to securing your instance.