Wordpress Safety - What Everybody Should Know About Securing A BlogI have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
fix wordpress malware cleanup will inform you that there is no htaccess within the directory. You may put a.htaccess record in to this directory if you would like, and you can use it to handle the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the net.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them off, as well as offline. Roboform is very good for protecting them. Food for thought!
There is a section of config-sample.php that's headed"Authentication anonymous Unique Keys." There are. There's a hyperlink inside that section of code. You need to enter that link into your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically generate a"logged-in" cookie for your site.
Upgrade now if you're not currently running the latest version of WordPress. Leaving your website is like maintaining your door unlocked when you leave for vacation.
Do not use wp_. Web hosting providers are currently removing that default now but if yours doesn't, adjust wp_ to anything else but that.