Perform a MD5 checksum for CORE files of your website to know if someone changed anything or added malicious code in it.reCAPTCHA protects your website from fraud and abuse using complex challenges to block malicious activities on website.Apply a challenge question on the login page so no one without that information can log into your website.Completely disable login with password. Just enter the username/email, you will receive an email with the link to login.Add a two-step security layer for login. Configure a two-factor authentication via email for secure login.Configure a two-factor authentication via mobile or authenticator apps for secure login.You can change the wp-login.php link to a custom one so only you know the login link and no one else will be able to login.Disable pingbacks so the users can't pingback your website and are safe from a DDOS attack.Disable/Rename the XML-RPC and prevent brute force on the xmlrpc.php page which is open by default in WordPress.
Changelog = 1.8.1 = *[Bug-Fix] There was an issue while checking checksum, if the WordPress install was in en_US but the language was set to some other languages from the settings, then the checksum was comparing the checksums from the language selected in WordPress settings which is now always the language of the install, this has been fixed.
TO MAC USERS: If RAR password doesn't work, use this archive program:
RAR Expander 0.8.5 Beta 4 and extract password protected files without error.
TO WIN USERS: If RAR password doesn't work, use this archive program:
Latest Winrar and extract password protected files without error.