Although this security issue may be fixed in newer versions of WordPress, your truly screwed if your password gets cracked by a hacker. Since WordPress only requires one to get all the administrative privileges to your blog, it would be best to limit the /wp-admin/ folder to just yourself (by your IP address, see below). How you might ask? With .htaccess files.
*Note* – If you have a dynamic IP (meaning that your IP changes from time to time), this method will not work for you.. You could block yourself out of your own blog!
1. First, Determine your IP address from any free service, such as: WhatIsMyIp.com
2. Second, Download your .htaccess file from your blog server in the /wp-admin/ folder (Do NOT Replace it on your blog directory.. Only in the Wp-Admin Folder) and open it with Notepad++ (A free utility that makes coding and code editing a breeze).
3. Add the following code to the file:
AuthName “Example Access Control”
deny from all
allow from xxx.xx.xx.xxx
4. Replace xxx.xx.xx.xxx with your IP address you found on the WhatIsMyIp.com website
5. Save the file and reupload to your server, and you should have full access to your blog, but nobody else will because they don’t have your IP.
Now you have one less thing to worry about in terms of security, hope you’ve enjoyed this Saturday tutorial!