Most of the time, you do not need to log in to your WordPress site with full Administrator privileges. Make it a point to back up your files and database completely before proceeding. Then limit your access to your site by setting up a generic Editor-role account for day-to-day publishing and comment management. The Editor role has the ability to assign posts or pages to any author on a site.
Use robust passwords: a 10-character password with a mix of uppercase and lowercase letters, numbers, and symbols. WordPress websites are often compromised through weak passwords. Complex passwords may be difficult to remember, so you can use password management tools.
A default WordPress installation allows unlimited login attempts, either through the login page or by sending special cookies. This allows passwords (or hashes) to be cracked with ease. You can prevent this by installing the Limit Login Attempts plugin, which blocks an IP address from making further attempts after it has reached a specific number of tries, making an attack virtually impossible.
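The lockout mechanism described above, sketched as a must-use plugin. This is an added example, not code from the Limit Login Attempts plugin; the `ex_` names, the threshold of 4 tries and the 20-minute window are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example login lockout (illustration only)
 */

// Assumed policy values; tune for your site.
const EX_MAX_TRIES    = 4;    // failures allowed before lockout
const EX_LOCKOUT_SECS = 1200; // how long a counter (and lockout) lives

// Per-IP transient key. REMOTE_ADDR is the direct peer: behind a reverse
// proxy it is the proxy's address, and forwarded headers are client-controlled.
function ex_lockout_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_fail_' . md5( $ip );
}

// Count one failure for this IP. Each failure restarts the expiry timer,
// so attempts made during a lockout extend it.
function ex_record_failure() {
    $key   = ex_lockout_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EX_LOCKOUT_SECS );
}

// Failed password logins, plus rejected auth cookies (the cookie route).
// Cookie failures count toward the lockout; the block below applies to
// password logins only.
add_action( 'wp_login_failed', 'ex_record_failure' );
add_action( 'auth_cookie_bad_username', 'ex_record_failure' );
add_action( 'auth_cookie_bad_hash', 'ex_record_failure' );

// Priority 99 runs after core's password check (priority 20), so even a
// correct password is refused while the IP is over the limit.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( ex_lockout_key() ) >= EX_MAX_TRIES ) {
        return new WP_Error( 'ex_locked_out', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}, 99 );

// A successful login clears the counter for this IP.
add_action( 'wp_login', function () {
    delete_transient( ex_lockout_key() );
} );
```

Counting per IP address means visitors who share one address (an office NAT, a proxy) share one counter, so a low threshold can lock out legitimate users alongside the source of the failures.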
These three tips are simple to implement and can definitely help keep your WordPress site secure.