A half and year educated us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Install the fix malware problem Firewall Plugin. Quit and this plugin investigates net requests with WordPress-particular heuristics that are straightforward to identify obvious attacks.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, as well as offline. Roboform is for protecting them very good . Food for thought!
While it's an odd term, it represents a task: creating a WordPress backup of your site to work on offline, or in the event something should go amiss. We are not simply being obsessive-compulsive here: servers like it go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you know the fear is it can cause.
Imagine if you visit WP-Content/plugins, can you view that folder? If view website so, upload this blank Index.html file inside that folder as well so people can't view what plugins you have. Because even if your current version of WordPress is current, if you are using a plugin or an old plugin with a security hole, then someone can use this to get access.
But realize that online security is something that you must start thinking about. Do not only be the reactive type, take steps to begin protecting yourself. Do not let Joe the Hacker make your life miserable and turn everything that you've worked hard in creating come pop over to these guys crashing down in a matter of moments.