If you have a WordPress blog or website, WordPress security must be an issue for you. I'm sure you must have heard about hackers attacking blogs and websites of other people. The damage done by them can be enormous, especially when the particular blog was high page ranked, displaying high in search engines and profitable. It is not the only type of websites attacked by hackers. The reasoning behind their acts can't be explained as logical. They will destroy it for fun. I know stories of people who one day, instead of their website saw a short note informing them that their website has been blocked by Google due to the thread it carries to other internet users. It was a result of hacker attack, who made changes to the website.
The fix wordpress malware virus Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the page from the hosting company.
Protect your login credentials - Don't keep your login credentials where a hacker might find them. Store them offsite, as well as offline. Roboform is very good for protecting them. Food for thought!
This is very useful plugin, protecting you against brute-force strikes try this that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Black and whitelists phrases based on which field they appear inside. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
Software: If you've installed scripts search Google for'wordpress security'. You'll get tips.