See http://codex.wordpress.org/Hardening_WordPress
http://codex.wordpress.org/Hardening_WordPress
https://wordpress.org/plugins/exploit-scanner/
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/timthumb-vulnerability-scanner/
Disallow file editing by adding this line to wp-config.php: define('DISALLOW_FILE_EDIT', true);
http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/
https://wordpress.org/plugins/limit-login-attempts/
https://wordpress.org/plugins/bruteprotect/
http://itpixie.com/2012/10/hide-your-wordpress-login-from-author-archive/#.VCTckPmSyDB
http://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial
(should use different prefix)
https://wordpress.org/plugins/harden-wp/
Install https://wordpress.org/plugins/wp-admin-protection/
As per http://codex.wordpress.org/Hardening_WordPress