Another great security plugin I have started using is wSecure.
It secures your WordPress website by working on the principle of hiding the admin URL from potential hackers.
The wSecure plugin works by hiding admin URL so that “www.yoursite.com/wp-admin” will no longer bring up the admin page.
Instead, wSecure allows you to set your own admin URL using a secret key (for example: http://www.yoursite.com/wp-admin/?secret).
Only people who enter the secret key will be able to access your admin area.
By moving the admin area and login away from the default WordPress location in this fashion and using a random secret key to hide it, it makes it almost impossible for hackers to simply enter the default http://www.yoursite.com/wp-admin location and then try to brute force the password to get admin access, adding another layer of protection and security to your website!