3. Secure Host Dedicated Server VPS Reliable Shared Hosting (NOT Network Solutions). “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.” Matt Mullenweg
6. Move wp-config.php Up one directory (WP will look for it there automatically) Best when you can move wp-config.php out of the public_html (or analagous) directory Don’t do this with nested WP installs!
8. Username & Password Never use “admin” for your admin account Use a strong password
9. Database Table Name Change from wp_ to something-else_ (or just choose something else to start with)
10. Bonus: .htaccess (Only works for static IP addresses) AuthUserFile /dev/nullAuthGroupFile /dev/nullAuthName "Access Control"AuthType Basicorder deny,allowdeny from all#IP address to Whitelistallow from xxx.xxx.xxx.xxx