One of the first things you do when you set up a WordPress site is work on the colors. Then it's time to add data and text. But what about WordPress security? Don't let the fun of setting a new site up distract you from the goal of protecting the information you're putting online.
In addition to text and the graphics you're creating, you're going to require a backup and protection option for your website. rename your login url to secure your wordpress website is important, and if you don't protect and back up your website you can lose important data and information that might be hard to restore. You don't need to need to start over from scratch once you've done all that work, so make sure you're secure.
Strong passwords - Do your best to use a password, alpha-numeric. Easy to remember passwords are easy to guess!
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in the root directory. Also, nobody else will have the ability to read the file unless they've SSH or FTP access to your server.
What if you visit WP-Content/plugins, can you view that folder? If so, upload this blank Index.html file inside that folder as well helpful resources so people can't see what plugins you might have. Because if your version of WordPress is current, if you are using an old plugin or a plugin using a security hole, someone can use this to get access.
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. Login requests will stop from being allowed from a specific IP address for an hour. You can still access your panel while away from your office, and yet you still have great protection against hackers, if you do so.