WordPress is the number one open source CMS, used especially by bloggers to publish their content online. It is popular because of its rich features, many available plugins and widgets, thousands of themes, and easy-to-manage interface. According to Wikipedia, by April 2013 version 3.5 had been downloaded over 18 million times, which shows how popular WordPress is. As every coin has two sides, security breaches have also been found in WordPress blogs. It is the CMS most targeted by hackers.
Here I am listing a few points that will certainly enhance the security of WordPress.
1. To start with, always keep your WordPress up to date. Because the WordPress developers fix vulnerabilities present in older versions, the best course of action is to update WordPress to the latest version. Update notifications always appear in the admin area.
2. Always disable the ‘display_errors’ directive of PHP, so that any error present in your WordPress installation is not exposed to the world.
3. Always change the admin user name to something different. The easiest way to do this is to create a new user account in WordPress (give it admin access), then log in with that username and delete your old account.
4. It is often observed that hackers gain access to WordPress by uploading a shell to the root directory. So your best bet is to set the following settings in php.ini:
file_uploads = Off (turn it off if you don’t need file uploads)
safe_mode = On
5. Make sure your local machine is not infected by any sort of virus. Scan it periodically and remove any threat that exists. The best course of action is to install a powerful antivirus.
6. Make sure you delete all unwanted themes and plugins.
7. Do not install plugins that are brand new. Make sure a plugin has good reviews and is not vulnerable.
8. Always take daily offsite backups in case anything goes wrong.
9. Make sure you have not set 777 permissions on any files or folders.
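The settings from points 2 and 4 and the permission check from point 9 can be verified with a short script; this is an added example, not part of the original post, and it flags any world-writable path rather than only exact 777. The function names and sample values are hypothetical and constructed for illustration, and safe_mode is not checked because PHP removed that directive in version 5.4.

```python
import os
import stat
import tempfile

OFF_VALUES = {"off", "0", "false", "no", "none", ""}

def parse_php_ini(text):
    """Return {directive: value} from php.ini text; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ; comments
        if "=" not in line:                       # skips blanks and [section] headers
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"').lower()
    return settings

def audit_php_ini(text, uploads_needed=False):
    """Flag the php.ini settings from points 2 and 4 that are still enabled."""
    settings = parse_php_ini(text)
    findings = []
    # Both directives default to on in PHP when they are absent from php.ini.
    if settings.get("display_errors", "1") not in OFF_VALUES:
        findings.append("display_errors is on")
    if not uploads_needed and settings.get("file_uploads", "1") not in OFF_VALUES:
        findings.append("file_uploads is on")
    return findings

def find_world_writable(root):
    """Return paths under root with the world-write bit set (this includes 777)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

if __name__ == "__main__":
    sample_ini = "display_errors = On ; constructed sample\nfile_uploads = Off\n"
    print(audit_php_ini(sample_ini))              # php.ini findings
    with tempfile.TemporaryDirectory() as root:   # constructed stand-in for a WordPress root
        target = os.path.join(root, "wp-config.php")
        open(target, "w").close()
        os.chmod(target, 0o777)
        print(find_world_writable(root))
```

Point `find_world_writable` at the WordPress root directory and pass the contents of the active php.ini to `audit_php_ini`; set `uploads_needed=True` if the site relies on media uploads.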
You can read the following official tutorial provided by WordPress to secure your WordPress installation.