When installing a new version of WordPress, one of the first steps is to select your username. Because it comes up with the default of "admin", many users overlook changing this and continue on with a very lame, hacker-attack-waiting-to-happen username. I know - I did it too way back when.
I'm willing to bet that your name is not "admin". I'm only guessing here, but I'd wager that your first name may be more difficult for a hacking robot to come up with than "admin". So my advice is to use your first name or a name associated with your site.
In addition, this also makes your site appear more personable, as your name will appear next to your post heading and date unless you turn off those features. It also shows up in the comments, and that definitely is friendlier.
2. Select a Secure Password.
Your next step is to choose your login password. Now I know the temptation is to make this something easy to remember, and many simply use one or two passwords for everything they do. I advise you to seriously NOT do this.
You don't need to make them super complicated with hard-to-remember combinations of letters and characters, but your WordPress password should not be easy to guess.
Do not make the common mistake of using passwords like:
Your birthday or anniversary
Your own name
Come up with something that looks somewhat like code that you can remember. Use an obscure date that has meaning to you but others would likely not know, or spell part of your name backwards combined with a few characters.
Bonus tip: Change your password occasionally; even subtle changes will reap big security rewards.
3. Limit Your Plugins.
Many of us love plugins, don't we? But I propose that you use them wisely. Having too many plugins activated on your blog can slow down the speed of your site. A site that takes too long to load will simply lose visitors, as the internet viewer skims and looks for information quickly.
Look at the plugins you have installed and delete those that you have not activated. I know, you're thinking that one day you will use it, but remember that an inactive plugin may end up as a target for hackers just waiting to attack.
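The username and plugin checks above can be run from the command line. The script below is an added example, not part of the original post; it assumes WP-CLI (`wp`) is installed for the live run, the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit helpers for the username and plugin advice.
# Assumes WP-CLI ("wp") for the live run; function names are hypothetical.

# Read one login per line on stdin; print any that is the default
# "admin" (compared case-insensitively).
find_default_logins() {
    awk 'tolower($0) == "admin" { print }'
}

# Read CSV with a "name,status" header, as produced by
# `wp plugin list --fields=name,status --format=csv`, on stdin;
# print the names of plugins that are installed but not active.
find_inactive_plugins() {
    awk -F, 'NR > 1 && $2 == "inactive" { print $1 }'
}

# Run both checks against the install at path $1.
# Returns 1 if anything was flagged, 0 otherwise.
audit_site() {
    path=$1
    flagged=0
    logins=$(wp --path="$path" user list --field=user_login | find_default_logins)
    if [ -n "$logins" ]; then
        echo "Default username still in use: $logins"
        flagged=1
    fi
    plugins=$(wp --path="$path" plugin list --fields=name,status --format=csv \
        | find_inactive_plugins)
    if [ -n "$plugins" ]; then
        echo "Inactive plugins to review and delete:"
        echo "$plugins" | sed 's/^/  /'
        flagged=1
    fi
    return "$flagged"
}

# Audit a real site only when WP-CLI is present and a path was given;
# otherwise show the helpers on constructed sample data.
if command -v wp >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    audit_site "$1"
else
    printf 'admin\nmaria\n' | find_default_logins
    printf 'name,status\nakismet,active\nhello,inactive\n' | find_inactive_plugins
fi
```

Pass the WordPress install directory as the first argument to audit a live site; deleting a flagged plugin is left as a manual step.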
4. Back up, Back up, Back up.
As with anything you create on your computer, back it up! We have all lost a document or two because we experienced a computer hiccup and had not saved our work, but losing your website could be disastrous.
Picture this: you attempt to log into your site and poof, there is nothing there - or, as many have experienced, your hosting provider's services are down or hacked. Remember, if your hosting is down, your site is down, and in a worst-case scenario you may need to breathe life back into your blog.
My favorite back-up method, though, is to create a clone of my site with WPTwin cloning software. WPTwin clones everything on your site: each post, page, plugin, comment, and more. It is super easy to clone your entire blog or website in minutes, and then you have the security of knowing everything is safely intact.
5. Rely On Trusted Sources.
Always download or purchase from trusted sources. When looking over new plugins and themes, check out the user ratings and the date each was last updated. If there are reviews or comments, take a quick look. If there is any sign of trouble, don't even try it; it's not worth the risk.
Along those same lines, don't buy into the fear of missing out. It's a very persuasive marketing tool, but one you should not fall for when deciding to purchase WordPress plugins or themes. These are common tactics of Internet marketers - many thrive by using phrases like:
Sale ends soon
Only 3 left at this price
Don't let them sway you. If the product is truly worth buying, the price should stay stable or at least not rapidly double in price. Always consider the security of your site over the flashiness of the sales page.