One of the first things you do when you set up a WordPress site is work on the colours. Then it's time to add information and text. But what about WordPress security? Don't allow the fun of setting a site up distract you from the goal of protecting the information you're putting online.
The fix hacked wordpress site Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from the web host.
The one I recommend, and the stronger approach, is to use one of the generation and storage plugins available on your browser. I believe after a free trial period, you need have a peek at this website to pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page won't appear in any listings of webpages (which includes, and is ordinarily restricted to, your page navigation menus).
Install the WordPress Firewall Plugin. This plugin investigates web requests to identify and stop attacks that are obvious.
Implementing all of the above will take less than an hour to complete, while making your WordPress site more resistant to intrusions. Over 1 million WordPress websites were cracked last year, mainly due to easily preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.