Year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Finally, fix hacked wordpress site will even tell you that there is no htaccess from the wp-admin/ directory. You may put a.htaccess file if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do this are readily available on the internet.
After spending a few days and hitting several spots around town, I eventually find a cafe which offers free, unsecured Wi-Fi and to my pleasure, there are tons of folks sitting around each day connecting their laptops to the"free" Internet services. I use my handy dandy cracker tool that is Wi-Fi and sit down and log myself into people's computers. Bear in mind, they are all on a shared network.
Harness Scanner goes through the files on your site post, comment and database tables. It also notifies you for plugin names that are odd. It doesn't remove anything, it simply warns you.
Another step to check take to make WordPress more secure is to upgrade WordPress. The main reason for this is that there come fixes for older security holes making it essential to upgrade early.
The plugin should be updated play nice, to stay current with the latest WordPress release and have WordPress and restore capabilities. The ability to clone your site (in addition to regular backups) can be useful if you ever need to do an offline website redesign, among other things.