A half and last year taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Installing the fix wordpress malware plugin Scan plugin will check all this for you, and alert you that you might have missed. Additionally, it will tell you that a user named"admin" exists. That is the administrative user name. If you desire you can follow a link and find instructions for changing that title. I think that a strong password is good enough security, and because I followed those steps, there you can check here have been no attacks on the several sites that I run.
Safeguard your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them offsite, as well as offline. Roboform is for protecting them good , too. Food for thought!
One thing you can take is to delete the default administrator account. This is important because if you don't do it, a user name which they could try to crack is known by malicious user.
You may extend the plugin features with premium plugins published here such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a fantastic choice.
However, I recommend that you set up the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being allowed from a for an hour or so after three failed login attempts. If you accomplish this, it is still possible to access your cell while from your office, and yet you have protection against hackers.