Indeed it's a problem. The first and biggest problem is the admin URL, the link used to access the admin control panel. Because not many people change the default admin URL, which looks like yourdomain.com/wp-admin, hackers take advantage of this and use a so-called brute force attack to crack your password and get access to your admin area. A brute force attack means testing millions of passwords in a short period of time with automated bots.
The very first step in securing your WordPress site is making a backup of your database as often as you make updates. If you can do it daily, then do it daily; if you want weekly, you can do it weekly, but if your site gets hacked you may lose a week of work on your site, which can sometimes be irrecoverable.
For this I would like to recommend the best WordPress backup plugin; once it is activated and configured you can sleep well, my friend. Read the features and download the plugin from
http://wordpress.org/plugins/backwpup/
The next step in hardening your WordPress site is to limit login attempts, which means you can set a maximum number of failed login attempts per IP. This will give hackers a hard time: their system now needs a new IP to be able to continue the brute force attack. Proxies do cost money; hopefully they don't have the budget for it. In any case, the plugin will keep banning IPs according to our settings for the temporary lockout and the ban-lifting time.
For this I would recommend the plugin from
http://wordpress.org/plugins/limit-login-attempts/
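The lockout behaviour described above (failed logins counted per IP, a temporary lockout, then the ban being lifted), as an added Python sketch; it is not the plugin's code. The thresholds, names and sample events are assumptions made for illustration, and the IPs are documentation addresses.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 4        # assumed: failed attempts allowed per IP
WINDOW = 12 * 60 * 60   # assumed: seconds after which old failures are forgotten
LOCKOUT = 20 * 60       # assumed: seconds an IP stays locked out


@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)      # ip -> [failure timestamps]
    locked_until: dict = field(default_factory=dict)  # ip -> unlock time

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]   # lockout expired: lift the ban
            until = None
        return until is not None

    def attempt(self, ip, ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"   # rejected before the password is even checked
        if ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = [t for t in self.failures.get(ip, []) if now - t < WINDOW]
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT
            recent = []
        self.failures[ip] = recent
        return "failed"


def replay(events):
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, ts) for ts, ip, ok in events]


# Constructed sample events: (unix seconds, client IP, password correct?)
SAMPLE = [
    (0, "203.0.113.7", False),
    (1, "203.0.113.7", False),
    (2, "203.0.113.7", False),
    (3, "203.0.113.7", False),           # 4th failure: lockout starts
    (4, "203.0.113.7", True),            # correct password, but the IP is locked
    (5, "198.51.100.9", True),           # other IPs are unaffected
    (3 + LOCKOUT, "203.0.113.7", True),  # lockout expired, login works again
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

While an IP is locked out, even a correct password is refused, so a bot gets no feedback on its guesses until the ban is lifted.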
Do not use admin as your admin username, because hackers will limit their login attempts to this username, and then all that remains is to crack your password for full access. So you need to have a different username. If you have already chosen admin as your username, do not worry: you can change it via phpMyAdmin. It is simple: log into cPanel, go to phpMyAdmin, locate your database, go to the wp_users table, click Edit next to your "admin" user, then change the user_login field to something different. That's it!
Last but not least, avoid easy passwords. When you change the password, make sure it is a strong one; passwords like 123456, IloveYou, Mike10, et cetera are easy to hack. This is what strong passwords look like: Ma?.@8>Qz, g.Y@.!l#F, P"@u9J!7, et cetera.
Recap:
1. Back up the database as often as possible.
2. Limit failed login attempts per IP
3. Do not use "admin" as your username
4. Avoid easy passwords
Do you know other ways to secure a WordPress site from hackers? Let's hear them!