There are millions of blogs. Some people are earning money through it and some don't. Many of the bloggers use WordPress at the moment. You need to make certain that your blog is secure.
fix wordpress malware attack will tell you that there is no htaccess from the directory. You may put a.htaccess file within this directory if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do that are readily available on the net.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, which hides the files out of public view.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it cannot be found in the root directory. Additionally, nobody will be able to read the file unless they've FTP or SSH access to your server.
Now we're getting into things specific to WordPress. You have to rename it to config.php and alter the document config-sample.php, when you install WordPress. You need to deploy the database facts there.
There is. People always know where they can login and additionally they could just drop by with your login form and try a different combination of passwords and user accounts outside. In order to prevent this from happening you need to install Login Lockdown. It is a plugin that allows users to attempt to login with a password three times. visit this page Following that the IP address will be banned from the server for a certain amount of time.