This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices!
Remember to only install plug-ins offered through the WordPress control panel since external plug-ins may not be secure. Most plugins offered from WordPress.org are regularly audited for the benefit of your security.
1. Guard against brute force attacks:
Thousands of failed login attempts happen on servers every day. While we do provide firewall protection to help defend against attacks like this, there are steps you can take as well!
2. Programs like Limit Login Attempts can help you defend your account from brute force attacks.
3. You can also set up captchas:
4. Exploit scanner:
5. Install other useful plugins Bad Behavior and User Spam Remover