In a recent post, Denis Sinegubko from Sucuri demonstrates what lessons we can learn from WordPress WP-Login malware. If your site is ever hacked, always remember that hackers can take over existing legitimate admin accounts, so Denis recommends not having the default admin account exist at all, along with the usual recommendations most of us should already be following (backing up and limiting access to the admin).