How can you secure your WordPress installation?
On the Internet you can find quite a lot about this topic, often exhaustive lists with excellent ideas.
There is only one challenge with long lists of, let's say, 30-40 points. Since life is busy and hectic, we often do not have the time for all 30 points "right now" and postpone the implementation to "later". In the meantime this results in an additional security of 0.00%, which is of course not exactly what we want.
Therefore, here are 3 basic points that can be implemented within a few minutes and add considerably more security to your WordPress installation:
1) Protect the directory “wp-admin” additionally via “.htaccess”
This will prevent talented hobby hackers from even seeing your WordPress login page in the first place. Having to figure out two different username/password combinations one after the other raises the security level quite a bit.
Your hosting provider should offer an option in its admin panel to password-protect entire directories on your webspace.
2) Protect your cookies via the “secret key”
In the file “wp-config.php” you should find these lines:
These values are used for the encryption of permanent user cookies. Permanent cookies are also used for the login data of WordPress users. Of course every hacker would be very happy if this information were saved in the cookie in unencrypted form. Happily this is not the case; WordPress encrypts it for you.
The "unique phrase" you set here further increases the strength of that encryption.
Additionally, changing these keys forces all existing users (with permanent cookies) to log in again.
There is a handy online generator that produces these 4 secure keys at once:
http://api.wordpress.org/secret-key/1.1/ (reloading this page always produces a new set of keys).
3) Protect the “uploads” folder via .htaccess
As the name indicates, this folder is where the files uploaded by WordPress users end up. Should all kinds of files end up here? Not really! What users need for writing articles or comments are image files in .jpg, .gif or .png format. More is usually not necessary and should not be allowed.
To accomplish this you can upload a brief .htaccess file like the following into the "uploads" directory:
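An added example of such a file (not the original post's listing). It assumes Apache 2.4 syntax and that the server's AllowOverride setting permits AuthConfig and FileInfo in .htaccess; on Apache 2.2 the "Require" lines must be replaced by the "Order/Deny/Allow" equivalents noted in the comments.

```apache
# Added example, not the post's own .htaccess: deny every file in uploads by
# default, then re-allow only the image types the post names (jpg, gif, png).
# Apache merges <FilesMatch> sections in file order, so later ones win.
# Apache 2.2 equivalent of "Require all denied":  Order deny,allow / Deny from all
# Apache 2.2 equivalent of "Require all granted": Order allow,deny / Allow from all
<FilesMatch ".*">
    Require all denied
</FilesMatch>

# Case-insensitive match on the extension so "PHOTO.JPG" is still served.
<FilesMatch "\.(?i:jpe?g|gif|png)$">
    Require all granted
</FilesMatch>

# Belt and braces: even if a script file ever lands here, never pass it to
# the PHP handler, regardless of the rules above.
<FilesMatch "\.(?i:php[0-9]?|phtml|phar)$">
    SetHandler none
    Require all denied
</FilesMatch>
```

After uploading it, request an existing image and a deliberately non-image URL in the uploads folder from a browser: the image should load and the other request should return 403.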
Of course there are many more things you can do to increase the security of your WordPress installation. But if you only have a few spare minutes after your WP installation, these 3 steps are definitely a good time investment.