Let me shoot a scare tactics your way since scare tactics appear to be what drives some people to take secure your wordpress site a little more seriously, or at the very least useful reference start thinking about the problem.
I might find it a little harder to crack your password, if you're one of the ones that are proactive. But if you're among the ones, I might just get you.
There is a section of config-sample.php that's headed"Authentication Unique Keys." There are. There is a hyperlink inside that section of code. You want to enter that link into your browser, copy the contents that you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Now it's time to sign up for a new Facebook accounts and use this individual's name and identity to present as your friend. Once I get it all set up, I'll be telling you posing as your friend and asking you to be friends with helpful hints me on Facebook (or Twitter, or whichever societal site).
Just make sure that you find more can schedule, and you choose a plugin that is up to date with release and the current version of WordPress, restore and clone.