I have been using BulletProof Security WordPress Plug-in to protect my WordPress blogs from XSS & SQL Injection hacking attempts for a few weeks. BPS also blocks Base64_encode code injection.
I found it pretty easy to use since all I need to do is install BPS and activate the BPS plug-in, and enable the different security modes on the BPS plug-in settings page found within the WordPress Dashboard.
BPS modifies your WordPress .htaccess files to make WordPress more secure, so hackers and bots can't infect or hack your website, or at least have a much harder time infecting and hacking your blog.
BPS also warns you of insecure chmod file permissions on your WordPress files, and explains how to correct them in the FileZilla FTP client. BPS also helps you secure your WordPress installation by hiding your version of WordPress from hackers.
BPS protects your wp-config.php, php.ini, php5.ini, wp-admin, and other WordPress files and folders from hackers.
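The same kind of permission check can be run by hand over SSH. The script below is an added example, not code from BPS or from this post; its thresholds (nothing world-writable, wp-config.php not readable by other users) are assumptions drawn from common WordPress hardening advice, and the path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for permissive file modes.
# Assumed thresholds (not taken from BPS):
#   - no file or directory may be world-writable
#   - wp-config.php (database credentials) must not be readable by "other"
#
# Usage: sh audit-wp-perms.sh /path/to/wordpress   (placeholder path)

# audit_wp_perms ROOT
# Prints one finding per line.
# Returns 0 if clean, 1 if anything was flagged, 2 if ROOT is not a directory.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    findings=$(
        # Anything in the tree that every local user could modify.
        find "$root" \( -type f -o -type d \) -perm -002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;

        # wp-config.php readable by every local account on a shared host.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -004 \
                -exec printf 'WORLD-READABLE %s\n' {} \;
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit only when a path was given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

A non-zero exit status makes it easy to run the check from cron after plugin or theme updates and get notified only when something is flagged.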
BPS is also very well documented, so you can read about how to install and use BPS before installing it on WordPress.
Also, you need to change your permalink structure by going to Settings > Permalinks, picking “Day and name”, and then clicking “Save Changes”.
I recommend you back up your WordPress .htaccess file before installing BPS, since BPS modifies your root .htaccess file. That way, if something goes wrong, you can restore your default .htaccess file to fix it until you figure out what you did wrong.
BPS can also tell you what versions of PHP and MySQL you are running, how much RAM you are using for WordPress, and more information about WordPress and your web hosting package.
I recommend anyone who is using WordPress consider installing the BulletProof Security WordPress Plug-in on their blog, since it could save you a lot of time: recovering from a hacked or infected blog can be very hard and time-consuming.
Learn more about BulletProof Security WordPress Plug-in at wordpress.org/extend/plugins/bulletproof-security/
I also recommend that you at least back up your WordPress database files on a daily or weekly basis, or whenever you add a new article to your blog, since losing one article, several, or all the articles on a blog can be very frustrating.
You should also back up your WordPress files and folders from your web server to your computer before and after you make major changes to your blog, such as before and after upgrading WordPress to the latest version.
You can also password-protect your WordPress wp-admin folder if your web host supports password-protected directories/folders, so unwanted intruders have to hack both your password-protected wp-admin folder account and your WordPress admin account before they can access your WP admin account.