Here are some tips and basic setups to secure your WordPress setup.
- Change your username and password. Do not use default password when your in production.
- Secure your forms. Input boxes such as in contact forms are susceptible in spamming, Cross Site Scripting and SQL injection. How to secure your input boxes in your contact forms and other submit forms?– Integrate a captcha / or a Google captcha.
- Hide your admin page. It is very obvious to people familiar with WordPress that the admin page in wordpress is http://sitename/wp-admin using this page they can use brute force attack to use possible login credentials in your site.
- Limit login failed. By limiting the failed error brute force attack can be lessen or slowed down.