One of the first things you do when you set up a WordPress site is work on the colours. Then it's time to add data and text. But what about WordPress security? Don't allow the fun of setting up a new site distract you from the goal of protecting the information you're putting online.
The fix wordpress malware plugin Codex has an outline of what permissions are okay. File and directory permissions can be changed via an FTP client or within the administrative page from the hosting company.
Hackers don't have the power once you got these lined up for your own security, to come to a WordPress blog. You can have a WordPress account which gives big bucks from affiliate marketing to you.
Harness Scanner goes seeking anything suspicious through the files on your site place, comment and database tables. You are also notified by it for plugin names. It doesn't address remove anything, it simply warns you for threats.
Along with adding a secret key to your wp-config.php document, also consider altering your user password into something that is strong and unique. A good tip is to avoid phrases, use letters, and include amounts, although you will be told the strength of your password by wordPress. It's also a good idea to change your password frequently - say once.
However, I advise that you install the Login LockDown plugin in place of any.htaccess controls. Login requests will stop from being allowed from a specific IP address for one hour. If you do that, you can still get into your admin panel whilst and yet you still have protection against hackers.