WordPress is inarguably the best blogging platform in the world. If you are going to use the self-hosted WP, then the following 5 dos and don’ts should be of interest to you.
Change your database prefix
I wonder how many sites could have avoided database injection attacks simply by changing the database prefix. By default, the WP database prefix is wp_. When you enter the values in the wp-config.php file, change it to something that is very hard to guess. Doing this makes the work of any would-be attacker considerably harder.
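A check for the prefix setting described above, as an added example that is not part of the original post: it reads the text of a wp-config.php file, reports whether the default wp_ prefix is still in use, and proposes a random replacement. The function names, the sample configuration and the format of the suggested prefix are assumptions made for illustration.

```python
import re
import secrets
import string

# Assignment WordPress reads from wp-config.php, e.g. $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.MULTILINE)
# WordPress allows only letters, digits and underscores in the prefix.
VALID_RE = re.compile(r"^[A-Za-z0-9_]+$")

# Constructed sample input, not a real site's configuration.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

def strip_php_comments(source):
    """Drop /* */ blocks and whole-line // or # comments so commented-out assignments are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"^\s*(//|#).*$", "", source, flags=re.MULTILINE)

def check_table_prefix(config_text):
    """Return (prefix, findings) for the text of a wp-config.php file."""
    matches = PREFIX_RE.findall(strip_php_comments(config_text))
    if not matches:
        return None, ["no $table_prefix assignment found"]
    prefix = matches[-1][1]  # the last assignment is the value PHP ends up with
    findings = []
    if prefix == "wp_":
        findings.append("default prefix wp_ is still in use")
    if not prefix:
        findings.append("prefix is empty")
    elif not VALID_RE.match(prefix):
        findings.append("prefix contains characters other than letters, digits and underscore")
    return prefix, findings

def suggest_prefix(length=6):
    """Random replacement such as 'k3x9qa_' (hypothetical format: letter first, trailing underscore)."""
    alphabet = string.ascii_lowercase + string.digits
    body = secrets.choice(string.ascii_lowercase)
    body += "".join(secrets.choice(alphabet) for _ in range(length - 1))
    return body + "_"

if __name__ == "__main__":
    prefix, findings = check_table_prefix(SAMPLE_CONFIG)
    print(prefix, findings or "ok")
    print("suggested:", suggest_prefix())
```

On a site that already has tables, changing the value in wp-config.php alone points WordPress at tables that do not exist, so the existing tables have to be renamed to match.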
Choose the strongest password for your first user account
By default, the first account you create after a WP installation is more or less the root user. That account has complete and unfettered access to your entire WP backend. Change the default password generated by WP and choose one so strong that even you have to think twice to remember it.
The first thing you need to do upon logging into your WP backend for the first time is to activate the Akismet spam-blocking plugin. You will need a WP API key, available for free with a WordPress.com account.
Install the WP Security Scan plugin
This is a simple plugin that will scan your entire installation, alert you to any security lapse, and tell you how to rectify it.
These are the 4 things that I strongly believe you need to do with your WP installation in order to keep it safe and sound for a long time. Sure, different people will prefer doing different things during their installation, but these 4 to me are a must. What would you add?