Finally, installing the rename your login url to secure your wordpress website Scan plugin will check all this for you, and alert you that you may have missed. It will also inform you that a user named"admin" exists. That is your administrative user name. If you wish dig this you can follow a link and find instructions for changing that title. I think that a password is security that is good, and there have been no successful attacks on the numerous blogs that I run, because I followed those steps.
Safeguard your login credentials - Don't keep your login credentials where a hacker could locate them. Store them off, as well as offline. Roboform is for protecting them very good , also. Food for thought!
I don't think there is a person out there that after learning how much of a problem WordPress hacking is that it is a fantastic idea. However is that when it comes to securing their sites, bloggers seem to be stuck in this reactive state.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it at no cost and this plugin is a good option.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed after three unsuccessful login attempts from a certain IP address for one hour. You can still get into your admin panel while and yet you still have great protection against hackers, if you do that.