Year and a half taught us that WordPress security should not be taken lightly by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
In my opinion, the best way to make sure that your that is secure your wordpress site is through the use of a WordPress backup plugin. This is a fairly inexpensive, elegant and easy to use way to be certain your site is accessible to you in case of a disaster.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, that hides the files from public view.
Should you ever want to migrate your site elsewhere, like a new hosting company, you'd have the ability to pull this off without a hitch, and also without having to disturb helpful resources your old site until the new one was set up and ready to roll.
Now we're getting into matters specific to WordPress. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to deploy the database facts there.
However, I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be ceased by that from being permitted from a for an hour or so after three unsuccessful login attempts. If you accomplish this, it is still possible to access your mobile while and yet you have good protection against hackers.