Hi, following the recent brute force hacking I decided to include a few simple steps that can be taken to secure your wordpress site from threat. These are simple steps that will reduce the risk that your website is hack but it won't eliminate that risk completely. You can skip some of these steps if you want. 1. Password protect your wp-admin directory. I don't mean the default login of wordpress but add another one with .htpasswd. To create one go here then enter your username and password. Next copy the content in the text area and paste it in a new file name .htpasswd(note: it should not end with .txt) and upload it to your wp-admin file. 2. Limit the ips that can access your wp-admin folder. This is will allow only specific ips to access your wp-admin file. Just add the following line to your .htaccess found in your wp-admin folder Code: <Limit GET POST> order deny,allow deny from all allow from XXX.XXX.XXX.XXX </Limit> where xxx.xxx.xxx.xxx is your ip. if your want to add another ip just add another allow "from line" You can also allow a range of ip. e.g "allow from 123." will allow all ips starting by 123. This is the same for "allow from 123.113." it will allow any ips starting by 123.113. 3. Install google authenticator plugin Just search for it in the wp plugins repository. Next download wordpress autheticator on your smartphone or tablet. Each time you login to your wp dashboard, you will need to enter your username and password as usual but also a 6 digit code that you will found in the google autheticator apps install on your smartphone. Note, your smartphone is not required to be connected to the internet but you should set your time zone and time correctly on your smartphone. Once the plugin install in wp. follow these steps: In wp dashboard user>all users>edit your profile You ill see the google authenticator settings Check the active checkbox, not the relax checkbox Do not enable app pasword as this will decrease your login security choose a description Go to google authenticator and scan the qr code or enter the secret text manually Ok your are done. you have just enable two way verification for your wp site. Even if someone has your password he will still be unable to login. 4. Install login limit attempt This one is self explanatory. It should be enough alone to protect you site from bruteforce login attempts like the one that occur recently 5. Do not use nulled themes or plugins Well you can use but only if you trust the one nulling it or if know php and html then you can check if it contains backdoors or hidden links 6. Install a security plugin I don't use one personally, so I can't tell you which one to use These is just a short list there other task that can be done to secure your site. If you know any other tips, post it below.