Finally, installing the fix wordpress malware Scan plugin alert you that you may have missed, and will check most of this for you. Additionally, it will inform you that a user named"admin" exists. site Of course, that is your user name. If you wish you can follow a link and find directions for changing that name. I believe that there is a strong password protection that is good, and there have been no attacks on the numerous sites that I run, because I followed these steps.
The one I personally recommend, and the stronger approach, is to use one of the generation and storage plugins available on your browser. People like RoboForm, but I believe after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
Harness Scanner goes through the files on your website database, comment and place tables. You are also notified by it for plugin names. It doesn't remove anything, it warns you for threats.
Upgrade now, if you aren't running the latest version of WordPress. Like maintaining your door unlocked when you leave for vacation leaving your website is.
However, I recommend that you set up the Login LockDown plugin in place of any.htaccess controls. That will stop login requests from being permitted from a specific IP address for an hour after three failed login attempts. You may access your panel whilst and yet you still have good protection against hackers, if you do so.