Most likely, today, some hacker tried to crack your WordPress site, its data and
content. Maybe that was just a one-off from some bored kid. Just as likely, it was an
automated hit, trying dozens of attacks to find a soft spot. Then again, quite likely it
was both.
Whether you've been successfully hacked already, else want some insurance, Welcome.
Let's be frank, up front. Web security has no silver bullet. The threatscape is simply
too vast, the vulnerabilities too numerous. Your risk stretches from the keyboard at
your fingertips, through and out the back of your local machine, buzzing around
its network, maybe through your phone, into the router, hopping across your web
surfing, into the remote server, buzzing around that network and jumping all
over WordPress.
Gee whiz!
In other words, changing the admin username, mashing a new password, and
swapping the table prefix doesn't address much, important as these things are. They,
and pretty much all the Top Tips guides, combine limited security with a false sense
of security.
Place your bets. Your site, whatever its hosting type, is only as safe as the weakest
local-to-remote link, and then some. You can shore up WordPress, and you must, but
if some Joe Hacker comes along, physically or technically, and grabs a password
from your local machine, else bothers to profile you online, then, a few tools later,
I'd back the black hat.