You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
Since scare tactics seem to be at least start considering the problem, or what compels some people to take fix wordpress malware fix a little more seriously, allow me to shoot a scare tactics your way.
Use strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it can't be found in the root directory. Additionally, nobody else will be able to read the file unless they've FTP or SSH access to your server.
In addition to adding a secret key to your wp-config.php file, also consider altering your user password directory into something that's strong and unique. A great idea is to avoid common phrases, use upper and lowercase letters, and include numbers, although wordPress will tell you the strength of your password. It's also a good idea to change your password frequently - say once.
These are only a few of the things I do to navigate here protect my blogs. Thing is they don't need much time to do. These are easy options, which can be done easily.