After you have secured your server file system and set the .htacess file, you can now turn to WordPress and make some changes or add features that will help improve security even further. And some of the tweaks proposed in this article are very important against several types of attacks.
Username: admin should be changed
Before WP 3.0, in every new installation of WordPress, main user account was named admin. After WP 3.0 you can choose new username during installation. Also, WP doesn’t allow changes of username directly. It’s not recommended to have admin username at all because hackers expect it and can use it to only crack the password and get access to your website. Considering that many websites use simple passwords, that can be easier than you may think.
Update WordPress, plugins and themes
This is something you hear from everyone: keep your installation up to date. But, on the other hand that can be a problem in some cases. Updating WordPress is a good thing if you don’t use some old and outdated plugins that don’t work with new WordPress, and is not maintained anymore. Situation with updating themes is similar, once you start changing the theme, you can’t update anymore or you will loose your changes. That is one of the reasons I added theme upgrade to my xScape premium themes, allowing you to change theme and still be able to update with new version.
If you still run some old WP version (any 2.x version), from security point of view, you need to upgrade to latest WP 3.x version. If some old plugin is preventing you to do that, try to find someone to fix the plugin or write a new one. Investing in that can prove very important to keep your website safe in the long run.
Best security policy with WordPress (and other well maintained CMS systems) is to use latest versions, since WP core developers are always been very fast in fixing all potential security holes. Compared with other similar systems, in my experience, WordPress is most secure one with a lot of security features built into the core.