Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Since scare tactics seem to be at the very least start considering the issue, or what drives some people to take repair hacked wordpress site a little more seriously, allow me to shoot a scare tactics your way.
Also, don't make the mistake of thinking that your hosting company will have your back so far as WordPress copies go. Not always. It has been my experience that the company may or might not be doing backups, while they say they do. Why take that kind of chance?
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it there if it can't be found in the root directory. Additionally, nobody else will have the ability to read the file unless they have FTP or SSH access to your server.
Install the WordPress Firewall Plugin. Stop and this plugin investigates web requests with simple WordPress-specific heuristics to identify attacks that are obvious.
However, I advise that you install the Login LockDown plugin in click over here place of any.htaccess controls. From being allowed after three failed login attempts from a specific IP address for one hour, login requests will stop. If you do so, you can still access your admin panel whilst away from your workplace, and yet you have good protection against hackers.