The security of your website is something that most WordPress users tend to forgot about. That is, until your site gets hacked. WordPress forum member Kris recently advised that his own website had been hacked despite the website using the latest version of WordPress. It appears that this was caused by vulnerability in a plugin he was using. The whole thing highlights that security should be made top priority, whether your website is big or small.
One plugin I recommend using is Secure WordPress by WebsiteDefender. This free plugin lets you correct 11 security issues that the default WordPress installation has such as deactivating error messages in the login page and removing update options for non admins.
For me, the best feature is the ability to remove the version of WordPress you are using from all areas except for admin. This is particularly useful for those of you who are using an older version of WordPress (though you really should upgrade).
What surprises me is that these security issues have not been addressed in the core version of WordPress. I can’t see why non admin would need to see core, theme and plugin updates anyway so why show them. Until these issues have been fixed in the default version of WordPress, I recommend installing Secure WordPress. It doesn’t guarantee your site won’t be hacked but at the very least it will discourage would be hackers and make things much more difficult for them.
Secure WordPress: Information | Download