WordPress security  is really a major concern these days. There is a massive attack going  on right now and lot of WordPress blogs are getting hacked. If your  site/blog is on a WordPress platform without any security and it is  still not hacked, then possibility of getting hacked might occur in the  future. Hence it is important to prevent your website from being hacked.  There are some methods to secure your WordPress blog, we will show you  few of them. 
Keep A Strong Password:
If you use easy to guess passwords like “admin” or “123456″ then your  site is most likely to get hacked. We recommend you to use strong  passwords, which should be a combination of special symbols, numbers and  upper/lower case alphabets. Anything like “WordPress!@12″ is a good  example of a strong password which are tough to guess for the hackers.  You can also check your password strength in the profile section of  WordPress admin panel and accordingly set the password.
 Change Your User Name:
The default WordPress login name is “admin” which is well known to  the hackers, so it is very important to change the login name. Following  are the steps to update the login name:
 1) Login into the admin panel
 2) Go to “Users” and click on “Add New” to set up a new user account
 3) Enter the details of the new user and assign administrator role to this newly created user
 4) Logout from the current user and login with the new user account
 5) Select “All Users” from “Users” menu, check the box adjacent to  the previous admin user by the name “admin” and press delete to remove  the user.
 6) When you are prompted with a message asking for deletion  confirmation, select “Attribute all posts and links to” and select your  newly added login name from the  drop-down to migrate all your post to  your new login name. Press confirm to delete the user. 
Upgrade Your WordPress:
The latest version of WordPress will  take care of all the new  threats which are unable to fix by its predecessor. Hence it helps you  to improve the security in order to prevent it from the hackers.
 We suggest you check 
BlogSecurity and 
WordPress Development as they will keep you updated whenever any new version of WordPress is released . 
Managing Users:
You should not give administrative privileges to all the users, as  this will give them full control over your website. Therefore, you need  to define the role of the other users with a limited authority to work  on the blog. 
Database Backup:
You should take the backup of entire database on a daily basis. There are free plugins like 
BackWPup and 
BackupBuddy which takes the database backup of your WordPress blog. Otherwise, ask  your web hosting provider to backup your blog’s database. 
Delete WordPress Version Information:
There are some themes or sites which contains the wordpress version  in the meta tag. Hackers can easily retrieve this information and  prepare the attack plan aiming the security vulnerability for that  version of the blog. To remove the version info, see the below steps:
 1) Go to your WordPress dashboard.
 2) Select Theme Editor in Design.
 3) On the right side of panel, click on Header File
 4) On the left side, you see some codes, check for below line:
 php bloginfo(’version’); ?>” />
 5) Delete it and press update file. 
Folder Protection:
The wp-admin folder contains all the website data, so it is very important to protect this folder. Use the plugin 
AskApache Password Protect to setup password protection to the folder and give access right only to authorized user. 
Security Scan:
You can install the plugin 
WP Security Scan and carry out scan regularly for any security vulnerabilities. This  plugin also allows you to change your database prefix from wp_ to any  prefix of your choice. 
Brute Force Attack:
A brute force attack is a method used to obtain information such as a  user name or password by using automated software which generates a  large number of consecutive guesses so as to get the desired data.  Hackers can easily crack your password by this method. To prevent this  from happening, you can install the 
login lockdown plugin.  This plugin keeps the track of IP address and timestamp of every failed  login attempt to your blog. Once a certain number of failed attempts  are investigated, it will disable the login function for all requests  from that IP range. 
Hide You Plugins Folder:
Always make sure that you hide the plugin that you are using for your  blog by uploading an empty html file to the plugin directory. In order  to deploy blank html file, open your text editor and save the blank  document as index.html. By using a ftp client, upload the index.html to  the wp-content/plugins folder.
 By applying all the above methods related to wordpress security, we  ensure you that the chances of getting hacked will be very less to your  blog.
 How safe is your WordPress blog? Do share if you know more options to prevent WordPress hacking.