One of the first security tips I can provide is to change your admin username in WordPress. One of the ways people break into WordPress, is by a brute force attack. Once you know the username of the administrator, you take a large dictionary file of words, and try every possible combination as the password for that user until you get it right. You don’t have to try this manually, there are programs that do automated, and very rapidly. On most computers and systems, the default administrator is either “admin” or “root”, the case of WordPress, it is admin. I recommend you take a few minutes and go into your Dashboard -> Users -> Add New and create two new accounts. Make one an editor account, this is the only you’ll typically use from now on. Also add a new account, but instead of giving it editor privileges, choose “Administrator” as the role. Once you verified you can login to both of them with the appropriate permissions, delete the “admin” account. (Bulk actions -> Delete -> Apply)
If your WordPress themes says which editor approved each post, you’ll want to go into Posts -> All Posts and check any post that says admin. Then go to Bulk Action -> Edit and change the Author option to the new editor and choose update.
You’ll also want to ask yourself, “How strong is my password?”
access control list ACL admin Administrator brute force crack password root