I back my blogs frequently using a plugin WP DB Backup up. If anything happens I can restore my blog to the last settings. I use my blog to be scanned by WP Security Scan free plugin frequently and asks to be blocked by WordPress Firewall to secure your wordpress site.
This is great news as it means that there is a strong community of users and developers that can enhance the platform. However, whenever there's a group there'll always be people who will try to take them down.
There is a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions which appear within the block. There is a hyperlink within that section of code. You need to enter that link into your browser, copy the contents that you get back, and then replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
However, I recommend that you set up the Login LockDown plugin in place of any.htaccess controls. From being permitted click site after three failed login attempts from a certain IP address for one hour login requests will stop. You can still get into your admin panel while away from your workplace, and yet you still have protection against hackers if you do that.