How can I protect my WordPress Blog?
WordPress is a very popular piece of software, which also makes it a large target for hackers. The following tips will help you protect your blog.
Rename wp-login.php and /wp-admin. Hackers scan the Internet for sites that have left these default URLs accessible, and leaving them unchanged makes brute-force attacks much easier.
Plugin: Rename wp-login.php - http://wordpress.org/plugins/rename-wp-login/
Limit login attempts. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Plugin: Limit Login Attempts - http://wordpress.org/plugins/limit-login-attempts/
Another good plugin to check out is All In One WP Security & Firewall (http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/). This is a must-have. It comes with database security, file checking, failed login monitors, etc.