One of the first things you do when you set up a WordPress site is work on the colors, font, layout, and appearance. Then it's time to add text and information. But what about WordPress security? Don't allow the fun of setting a new site up distract you from the goal of protecting the information you're putting online.
Cloning your site is just another degree in fix hacked wordpress site which can be very useful. Cloning simply means that you have backed up your website to a completely different location, (offline, as in a folder, so as to not have SEO issues ) where you can get it in a moment's notice if the need arises.
Safeguard your login credentials - Do not keep your login credentials where a hacker could find them. Store them offsite, as well as offline. Roboform is good for protecting them, too. Food for thought!
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it can't be found in the main directory. Additionally, nobody will sites have the ability to read the file unless they've SSH or FTP access.
Upgrade, if you aren't currently running the latest version of WordPress. Similar to maintaining your door unlocked when you leave for vacation, leaving your site on an old version is.
However, I recommend that view it now you install the Login LockDown plugin instead of any.htaccess controls. From being allowed after visit this site right here three failed login attempts from a specific IP address for an hour, login requests will stop. You may still access your admin panel while and yet you have protection against hackers if you do so.