A half and year taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
Finally, secure your wordpress website will tell you that there is no htaccess in the wp-admin/ directory. You may put a.htaccess file if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are readily available on the net.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, which hides the files out of public view.
In case you ever want to migrate your site elsewhere, like a new web host, you'd be able to pull this off without a hitch, and also without needing to disturb your old site until the new one was pop over to these guys set up and ready to roll.
What if you go to WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file into that folder as well so people can't view what plugins you have. Because even if your current version of WordPress is up to date, if you are using an old plugin or a plugin using a security hole, then someone click to investigate can use this to get access.
There is. People always know where they can login and they also could drop by your login form and try out a different combination of passwords and user accounts. In order to prevent this from happening you want to set up Login Lockdown. It's a plugin that only lets users try and login with a wrong password three times. Following that the IP address will be banned from the server for a certain timeframe.