Here's my guide to making your wordpress websites ultra-secure, using some common sense and tried-and-tested methods to prevent and secure against hacking attempts: 1. Do not use "admin" as your username! Pick something unique and not related to your niche, e.g. jason647 2. Configure your robots.txt to stop search engines indexing hidden files: Code: # User-agent: * Disallow: /cgi-bin Disallow: /wp-admin Disallow: /wp-includes Disallow: /wp-content/plugins/ Disallow: /wp-content/themes/ 3. Delete the readme.html and license.txt files to hide your wordpress version number. 4. Delete the word "wordpress" from your site. Open footer.php, index.php and other site files and manually search and remove "wordpress" references (this can be done using a free text editor or the "Editor" panel in wordpress. Note: the Hide My WP plugin linked below also performs this function. 5. Configure your .htaccess file to: Protect wp-config.php: Code: <Files wp-config.php> order allow,deny deny from all</Files> Block access to plugins: Code: # directory browsing Options All -Indexes Block access to .htaccess: Code: <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files> 6. Rename your wordpress database table prefix. Change the code in wp-config.php: Code: [FONT=Courier New]$table_prefix[/FONT] = 'wp_'; to: Code: [FONT=Courier New]$table_prefix[/FONT] = 'UNIQUENAME_'; Use numbers, letter, underscores, upper and lowercase combinations. Then login to your phpMyAdmin page through your hosting cpanel and change all table names. Tutorial with screenshots here: Code: http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/ TIP: it is easier to create a unique table prefix BEFORE installing wordpress. The above instructions are for existing installations. If you don't like making manual changes or want additional protection, use a security plugin, such as: Better WP Security (free) Code: http://wordpress.org/plugins/better-wp-security/ Hide My WP Code: http://www.blackhatworld.com/blackhat-seo/blogging/548823-get-hide-my-wp-no-one-can-know-you-use-wordpress-3.html Login Lockdown (free) Code: http://wordpress.org/plugins/login-lockdown/ WP Security Scan (free) Code: http://wordpress.org/plugins/wp-security-scan/ TIP: If you use pirated plugins/themes, check code manually, only download from a trusted source/sharer, and run security scans before activating.