I get a note about some WordPress site getting hacked fairly regularly. Sure, just like burglars, if they really want to get in, they’ll get in. But using the same analogy, if your house is locked and the neighbor’s is wide open, they’ll probably go to the neighbors. Sorry to put this on the neighbors, but here’s a quick fix to avoid quite a bit of hassle.
I’ve actually mentioned this in two previous posts, but I get this question so often, it’s worth repeating. Here goes:
Change your main administrative login to anything but “admin”
If you’d like to see just how hard the hackers are trying to get in, and see which user name they’re trying to use, have a look at the Limit Login Attempts plugin. But if you’d actually like to change your administrative login to something other than admin, you either need to go into PHP My Admin and change it there (easy if you know how to get in there) or use a plugin like GD Press Tools.
Sure, there are some great WordPress security tools out there–and you should use them, too. But this one is pretty basic, but it’s akin to leaving your front door with the key in it. You’re just tempting them to get in. And they will get in, it’s just a matter of time.