About WordPress Security Settings

There are a few things you can do by default on your WordPress site to secure it from hackers. First, choose a unique username for the admin user. Never use “admin” as the username because it is easy to guess; pick something hard to guess. Together with a strong password, this adds an extra layer of difficulty for anyone trying to log in to your WP website.

You should limit the number of accounts that have access to your admin panel. Try to keep the admin accounts to one, and give other users only the level they require; you can set users as subscriber, contributor, author or editor. Read more here about user levels in WordPress.

Another thing you can do is set the file permissions correctly using your FTP program. They should be set as follows:

The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you.

  • /wp-admin/ – All files should be writable only by your user account.
  • /wp-includes/ – The bulk of WordPress application logic; all files should be writable only by your user account.
  • /wp-content/ – Content should be writable by your user account and the web server process.
  • /wp-content/themes/ – All files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
  • /wp-content/plugins/ – All files should be writable only by your user account.
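
The permission layout above can be checked from a shell on the server. This is an added example, not part of the original article; the function name `audit_wp_perms` is hypothetical, and it assumes the web server process runs as a different user than the account that owns the files.

```shell
#!/bin/sh
# Added example: list paths that are group- or world-writable in the places
# the list above says should be writable only by your user account.
# Assumption: the web server runs as a different user than the file owner,
# so a group/other write bit is what would let it modify a file.

# audit_wp_perms ROOT -> prints one offending path per line, sorted.
audit_wp_perms() {
    root=${1:?usage: audit_wp_perms /path/to/wordpress}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    {
        # Files directly in the WordPress root; .htaccess is the stated
        # exception (WordPress may need to write rewrite rules to it).
        find "$root" -maxdepth 1 -type f ! -name .htaccess \
            \( -perm -020 -o -perm -002 \) -print
        # Directories that should be owner-writable only, checked recursively.
        for sub in wp-admin wp-includes wp-content/plugins; do
            [ -d "$root/$sub" ] || continue
            # Symlinks are skipped: their own mode bits are not meaningful.
            find "$root/$sub" ! -type l \( -perm -020 -o -perm -002 \) -print
        done
    } | sort
}

# wp-content/ and wp-content/themes/ are not checked on purpose: the list
# above allows the web server process to write there.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

An empty result means nothing in the owner-only locations carries a group or world write bit; any path printed can be corrected with your FTP program's permission dialog.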