I have had two WordPress blogs hacked into previously. That was at a time when I was doing almost no online advertising, and until I found time to deal with the situation (weeks later), these sites were penalized at the main search engines. They weren't eliminated, however the ratings were reduced.
I back my blogs using a free plugin WP DB Backup up. If anything happens I can restore my blog. I use WP Security Scan free plugin to scan my site and WordPress Firewall to block requests that are suspicious-looking to fix wordpress malware virus.
After spending a few days and hitting several spots around town, I eventually find a cafe that provides free, unsecured Wi-Fi and to my pleasure, there are tons of people sitting around daily connecting their laptops to the"free" Internet service. I sit down and use my handy dandy cracker tool that is Wi-Fi and log myself. Remember, they're all on a shared network.
This is very handy plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of attempts is reached.
Can you view that folder what if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can not view what plugins you find out this here have. Because if your current version go now of WordPress is up to date, if you are using a plugin or an old plugin with a security hole, then someone can use this to get access.
There is. People always know they also could visit with your login form and where they can login and try out a different combination of user accounts and passwords. In order to stop this from happening you need to set up Login Lockdown. It's a plugin that lets users try and login with a password three times. After that the IP address will be banned from the server for a specific amount of time.