Year and a half educated us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Since scare tactics appear to be at the very least start considering the problem, or what compels some people to take secure your wordpress website a bit more seriously, let me shoot a few scare tactics your way.
This is fantastic news as it means that there's a strong community of developers and users that can further enhance the platform. Whenever there's a group of people attempting to achieve something, there will always be people who will attempt to take down them.
There is a section of config-sample.php that's headed"Authentication Unique Keys." There are four definitions see post that appear within the block. There's a hyperlink inside that part of code. You need to enter that link in your browser, copy the contents which you return, and then replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Now we are getting into browse around here things. Whenever you install WordPress, you need to edit the file config-sample.php and rename it to config.php. You need to set up the database information there.
Do your homework and some hunting, but if you are pressed for time and want to get this done once and click to read for all, try out the WordPress safety plugin that I use. It is a relief to know that my website (and company!) are secure.