In my view, the best way to ensure that your WordPress security is via the use of a rename your login url to secure your wordpress website backup plugin. This is a fairly inexpensive, elegant and easy to use way to be sure your site is available to you.
No software system is immune to vulnerabilities and bugs. Security holes will be found and bad men will do their best to exploit them. Keeping your article source software up-to-date is a good way because software sellers will fix their products once security holes are found.
One step you can take is to delete the default administrator account. This is critical because if you don't do it, a user name which they could try to crack is known by malicious user.
So what's the best way? Out of all of the choices that are available today, which one is right for you personally and which path should you choose?
Do not use wp_ as a prefix for your own databases. Most web hosting providers are currently eliminating that default but if yours doesn't, fix wp_ to anything but that.