Securing wordpress
Wordpress is very vulnerable to attacks. I suggest the following four steps. 1. Install Sucuri plugin 2. Install Wordfence plugin 3. Install IQ block country and block all countries except your own unless you need to have customers from overseas. 4. Delete the wp-login.php file (or rather, keep a copy of it somewhere else), and put it into the folder when you need to login, but when you don't need to login, delete it. There are plugins that hide the login, which you can also use, but I find that quite often they don't work. I've been locked out of my own site many times from those plugins, hence the crude approach of just deleting the login script.