Being the most popular content management system on the internet, WordPress is also the most popular target for botnets and hackers.
To help increase the security of your WordPress site you should consider the following:
- Limit access to your admin area via .htaccess (e.g. by IP address restriction) and / or directory password protection (cPanel -> Security -> Password Protect Directories). This is highly recommended.
- Install a security plugin such as Better WP Security which will take care of many of the items in this list.
- Disable any unused plugins.
- Ensure WordPress and its plugins are always up to date (e.g. turn on automatic updates).
- Use strong passwords for all accounts (i.e. 15 characters of random text or phrases / sentences over 30 characters).
- Ensure admin access is only granted to those users that require it.
- Take regular backups.
- Disable XML-RPC pingback. WP 3.5+ can use the Disable XML-RPC plugin.
- Change your admin URL.
- Monitor your logs on a regular basis for unusual activity.
The above list is by no means exhaustive and regular security reviews should always be carried out.
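For the log-monitoring item in the list, the following is an added example (not part of the original page) that counts POST requests to `/wp-login.php` and `/xmlrpc.php` per client IP in an access log and flags clients that reach a threshold. It assumes the Apache "combined" log format; the threshold, the helper names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: client IP, identity, user, [timestamp], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Endpoints from the checklist: the login form and the XML-RPC interface.
WATCHED = ("/wp-login.php", "/xmlrpc.php")

def flag_clients(lines, threshold=3):
    """Return {ip: {endpoint: count}} for clients whose POST count to a
    watched endpoint reaches the threshold. Unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in WATCHED:
            hits[(m["ip"], path)] += 1
    flagged = {}
    for (ip, path), count in hits.items():
        if count >= threshold:
            flagged.setdefault(ip, {})[path] = count
    return flagged

def _line(ip, method, path, status):
    # Helper that builds one constructed log line (hypothetical values).
    return (f'{ip} - - [10/Mar/2024:08:15:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log using documentation-range IPs, not real traffic.
SAMPLE = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 4
    + [_line("198.51.100.23", "POST", "/xmlrpc.php", 200)] * 3
    + [_line("192.0.2.10", "GET", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       "truncated line that does not parse"]
)

if __name__ == "__main__":
    for ip, endpoints in flag_clients(SAMPLE).items():
        print(ip, endpoints)
```

In practice the lines would come from the site's access log, and the threshold would be tuned to the site's normal login volume.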