While those suggestions are brougth out from time to time, they don’t really do a whole lot as far as security is concerned. Changing the default admin folder only works if hackers are looking only for that folder and nothing else, and most that I’ve seen will try a pretty huge range of URL’s to find whatever they can. Same with the default database prefix. All you need to do is change that in your wp-config.php file before you install, but if osmeone can get access to your database then they can scan all of the tables in it so the actual table name doesn’t make that much difference at all.
The real methods of securing wordpress are almost all to do with server settings. Things like sandboxed accounts, correct file permissions and secure SSH logins and SFTP will make a lot more difference then renaming a folder or two on your site. On top of that you should always double (and sometimes triple) check any theme or plugin that you haven’t written yourself to see if you can find any vunerabilities in them. Most of the ones on this site are vetted pretty well, but there’s still no guarantee that they’ll be perfect.
So what this means is… Get the hosting comapny to have their server set up correctly, use a non-‘admin’ username for your administrator, use as few plugins as you need and keep an eye on your sites log files to check the activity on your site. That’s how you keep your site safe.
