Install the fix wordpress malware protection Firewall Plugin. Stop and this plugin investigates requests with heuristics that are straightforward to recognize obvious attacks.
The one I personally recommend, and the stronger approach, is to use one of the generation and storage plugins available for your browser. I believe after a trial period, you have to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate passwords for you.
There is a section of config-sample.php that is headed"Authentication Unique Keys." There are. A webpage hyperlink is inside that section of code. You want to enter that link into your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Upgrade now if you aren't currently running the latest version of WordPress. Leaving your site see this site is similar to maintaining your door unlocked when you leave for vacation.
Oh . And incidentally, I talked about plugins. Make sure it's a safe one, when you get a new plugin. Don't install any plugin because the owner is saying that plugin will allow you to do this or that. Use get a software engineer to analyze it, or perhaps a test blog to check the plugin. This way is not a threat for your business or you.