I don't know about you, but when I secured my WordPress site, and I researched to see what others do to maintain their blog secure, I found so much information I was confused. And some of the information was actually over superstitious or the top. People told me to rename this file, rename this folder and set up these ten plugins. It appeared to be a bit of work and effort.
By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to any fix hacked wordpress plugins. Before, WordPress did have holes but now most of them are filled up.
The one I recommend, and the approach, is to use one of the password creation and storage plugins available for your browser. People like RoboForm, but I think after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
This is very handy plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP this post address of every failed login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of failed attempts is reached.
It is really sexy to fan the flames of fear. That is what bloggers and journalists and politicians and public figures do. It's terrific for readership and it brings money. Balderdash.
Do your homework and some searching, but if you are pressed for time and need to get this done once home and for all, try out the WordPress safety plugin that I use. It is a relief to know that my website (and business!) are secure.