There is a portion of config-sample.php that's led'Authentication Unique Keys.' Four explanations that appear inside the block will be found by you. There's a hyperlink how to fix hacked wordpress site within that part of code.You copy the contents which you return have to enter that link into your browser, and change the keys you have with the specific, pseudo-random keys given by the website. This makes it harder for attackers to create a'logged-in' dessert for your site.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are easy to guess!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make additions and changes definitely. If you make changes multiple times a day, or have a community of people that are in there all here are the findings the time, a backup should be a minimum.
As I (our fictitious Joe the Hacker) understand, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts which all include logins and passwords you need to remember.
However, I recommend that you set up the Login LockDown plugin rather than any.htaccess controls. Login requests will be ceased by that from being permitted from a for an hour or so after three failed login attempts. If you accomplish that, you can still access your cell while from your workplace, and yet you still have protection against hackers.