Finally, installing the how to fix hacked wordpress Scan plugin will check most of this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. Needless to say, that is the administrative user name. You can follow a link and find directions for changing that name, if you desire. I believe that there is a password good enough security, and there have been no successful attacks on the blogs that I run since I followed those steps.
Truth is, there is no way, if your own site is targeted by a competent master of this script. Everything you are about to read below are some precautionary actions you can take to quickly minimize the threat to an acceptable level. Chances are a hacker would prefer choosing simpler victim, another, if your WordPress site is well protected.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it can't be found in the main directory. Additionally, nobody will be able to read the file unless they've FTP or SSH access.
Along with adding a secret key to your wp-config.php document, also think you can check here about changing your user password to something that is strong and unique. WordPress will let you know the strength of your password, but include amounts, use letters, and a browse around this web-site good tip is to avoid phrases. It's also a good idea to change your password frequently - say once every six months.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted from a specific IP address for one hour. If you do that, you can still access your panel while and useful link yet you have good protection against hackers.