You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
The fix wordpress malware attack Codex has an outline of what permissions are okay. File and directory permissions can be changed either via an FTP client or within the administrative page from the web host.
This is great news as it means that there's a strong community of developers and users that can improve the platform. However, whenever there's a big group of people attempting to achieve something, there'll always be people who will try to take down them.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are four definitions that appear within the block. A hyperlink is inside that part of code. You need to enter that link into your browser, copy the contents that you return, and then replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a fantastic option.
Do your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out additional reading the WordPress security plugin that I use. It is a relief to know that my website (and business!) are secure.