Installing the repair hacked wordpress site Scan plugin will check most of this for you, and alert you that you may have missed. Additionally, it will tell you that a user named"admin" exists. That is the user name. If you wish you can follow a link and find directions for changing that title. I personally think that there is a password protection that is good, and because I followed those steps, there have been no successful attacks on the several sites that I run.
After spending a few days and hitting several spots around town, I eventually find a cafe which provides free, unsecured Wi-Fi and to my pleasure, there are a ton of people sitting around daily connecting their laptops to the"free" Internet service. I use my handy dandy Wi-Fi cracker tool and sit down and log into people's computers. Bear in mind, they're all on a network.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it there if it cannot be found in the main directory. Also, nobody else will be able to read the document unless they've SSH or FTP access to your server.
BACK UP your site frequently and keep a copy on your own computer and storage. For those who have a site, back up daily. You spend a lot of money and time on image source your site, don't skip this! The one solution that does it all is BackupBuddy, no back up widgets your files, plugins and database. Need to move your site this will do it in less than a few minutes!
However, I advise that you install the Login LockDown plugin rather than any.htaccess controls. That will stops login go requests from being permitted from a for an hour or so after three failed login attempts. It is still possible to access your admin mobile while from your office, he said and yet you still have good protection against hackers if you accomplish that.