There's a portion of config-sample.php that is led'Authentication Unique Keys.' You will find four explanations that appear inside the block. There's a hyperlink fix wordpress malware within that section of code.You copy the contents which you return, must enter that link into your browser, and change the keys you have with the specific keys given by the website. This makes it harder for attackers to quickly generate a'logged-in' dessert for your site.
The more powerful approach, and the one I recommend, is to use one of the creation and storage plugins available for your browser. People like RoboForm, but I think after click here for more info a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you.
One step you can take is to delete the default administrator account. This is critical because if you don't do it, a user name that they could attempt to crack is already known by malicious user.
Can you see that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't see what plugins you have. Someone can use this to get access because if your version of WordPress is current, if you're using a plugin or an old plugin using a security hole.
These are a few of the things I do to secure my blogs. Great thing click to read more is they don't need much time to perform. These are simple solutions, which can be done.