Additionally, it is important to change admin username and your password if you are helped by someone with your site and needs admin username and your password to login to do the work. Admin username and your password changes, after all the work is finished. Someone in their company might not be, even if the man is trustworthy. Better to be safe than sorry!
Finally, fix wordpress malware scanner will tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file within this directory if you wish, and you can use it to control access to the wp-admin directory from IP address or address range. Details of how to do that are available on the net.
After spending a couple of days and hitting several spots around town, I finally find a cafe that provides free, unsecured Wi-Fi and to my pleasure, there are a view ton of people sitting around daily connecting their laptops to the"free" Internet services. I sit down and use my handy dandy cracker tool and log myself. Remember, they're all on a network.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more, if you make changes and regular additions to your website. If you have a community of people which are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
In addition to adding a secret key to your wp-config.php document, also consider changing your user password to look at this site something that's strong and unique. A great idea is to avoid common phrases, use upper and lowercase letters, and include amounts, although you will be told the strength of your password by wordPress. It's also a from this source good idea to change your password frequently - say once.
Using a plugin for WordPress security only makes great sense. Backups need to be carried out on a regular basis. Don't become a victim as a result of not being proactive!