WordPress is without doubt the most popular CMS at this moment in time, dwarfing other options such as Joomla and Drupal. This is a good thing for WordPress: it now has a very large and active community contributing plug-ins, themes and fixes. But this growth also has its bad points. When anything becomes this big, people will find ways to attack it for whatever reason they see fit.
One of the most ignored methods of keeping your install safe is applying updates as soon as they become available, which ensures all of the latest patches and fixes are applied to your site. (You can also remove the readme.html and license.txt files from the root directory, as they display the version number of WordPress you have installed.)
Some tips provided by Business Seo Solution to secure your WordPress Site:
WordPress as a whole (a website management platform) is very well designed. It doesn’t have any preposterous security issues that beginning programmers could exploit. The problems, however, arise when you try to tweak your installation of WordPress by adding new plugins or themes, implementing hacks, or doing anything else that interferes with WordPress.
Aside from plug-ins, there are a number of additions you can make to your .htaccess file which, in conjunction with plug-ins and regular updates, will tighten up your site’s security and give you that extra level of protection. wp-config.php is the file in your root directory that stores information about your site as well as database details; this file in particular we would not want to fall into the wrong hands.
You can limit who can access your admin folder by IP address. To do this, create a new .htaccess file in your text editor and upload it to your wp-admin folder. If the same IP address keeps trying to access your content or brute force your admin pages, you can ban it using .htaccess with a simple snippet:
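<Limit GET POST>
# allow,deny: a matching deny wins over "allow from all" (Apache 2.2 syntax; 2.4 needs mod_access_compat)
order allow,deny
deny from 202.90.21.1
allow from all
</Limit>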
As WordPress is now so popular, many people know the structure of a WordPress install and know where to look to discover what plug-ins you may use, or any other files that might give away too much information about your site. One way to combat this is to prevent directory browsing. The wp-content folder contains images, themes and plug-ins and is a very important folder within your WordPress install, so it makes sense to prevent outsiders accessing it.
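The wp-config.php protection, the wp-admin IP restriction and the directory-browsing block described above could look like this. This is an added example, not part of the original article, written in Apache 2.4 syntax (on 2.2 use the order/deny/allow form of the ban snippet); the address 203.0.113.10 is a constructed placeholder.

```apache
# --- /.htaccess (WordPress root) ---
# "Require" in .htaccess needs AllowOverride AuthConfig in the server config.

# Refuse every HTTP request for wp-config.php (database details, site settings).
<Files "wp-config.php">
    Require all denied
</Files>

# Same treatment for the files that display the installed version,
# so they stay hidden even if an update puts them back after you delete them.
<FilesMatch "^(readme\.html|license\.txt)$">
    Require all denied
</FilesMatch>

# Turn off auto-generated directory listings for the whole site,
# including wp-content and its plugin, theme and upload subfolders.
# Needs AllowOverride Options (or All) in the server config.
Options -Indexes

# --- /wp-admin/.htaccess ---

# Allow the admin area only from a known address.
# 203.0.113.10 is a constructed documentation address; replace it with your own.
Require ip 203.0.113.10

# Some plug-ins call admin-ajax.php from the public side of the site,
# so keep that one file reachable for everyone.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

After uploading, request /wp-config.php and a folder such as /wp-content/uploads/ from an outside connection; both should return 403 Forbidden rather than content or a file listing.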