"Let’s start with a couple absolutely necessary plugins: Login Lockdown - Surprisingly hard to find on the Wordpress extend site, this one is a gem at stopping brute-force attacks (works with 2.7!). WP Security Scan - WP Security Scan does a few pretty cool things just by activating it, including masking your WP version and DB errors. It will help you identify proper permission settings for the most critical files, change your DB table prefixes, and some other cool stuff. Now to the easy steps that should absolutely be done: - Choose strong passwords. There are so many great password checkers out there, WP Security Scan even includes one! - Stay on top of the latest version! As of writing, if you’re not on version 2.7 start there. You can’t begin to be protected unless you’re on the latest version. This is so critical. You should subscribe to the feeds of the developers of your plugins and templates and make sure to keep these updated too! - Delete your “admin” user. You never use it anyway, and you " - Internet Strategist from Bookmarklet