A half and last year taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
My first step is not one you have to take but it helped me. I had a good old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did what I should have done before I started my site. And here is where I want you to start. Learn how to protect yourself before you get hacked. The attractive thing about clean hacked wordpress site and why so many people recommend because it is easy to learn it is. Unfortunately, that is also a detriment to the health of our websites. We have to learn how to add a safety fence around our website.
There are many ways to pull this off, and a lot involve copying and FTPing files, exporting and re-establishing databases and more. Some of these are very complex, so it is important that you select the one that is best. If you are not of the persuasion, then you may want to look into using a plugin for WordPress backups.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in the visite site main directory. Also, nobody will be able to read the document unless they have FTP or SSH access to your server.
You can create a firewall that blocks hackers. From coming to your own files, the firewall prevents the hacker. You must have updated version of Apache. Upgrade your PHP. It's essential that your system is always full of upgrades.
There is. People know they also could just drop by with your login form and where they can login and try out a different combination of user accounts and passwords. So as to prevent this from happening you want to install Login Lockdown. It's a plugin that lets users try great post to read and login with a password three times. After that the IP address will be banned from the server for a specific amount of time.