The Most Secure Method Of Protecting Your Wordpress Admin Password

by Akmal Wardak on August 25, 2009

While Wordpress 2.8.4 is the most secure version of Wordpress to date, it is always a good idea to add other measures that tighten security further. Previous versions of Wordpress suffered from severe security vulnerabilities, see this for example and this, but they are all patched in the latest version.

The best way to protect your Wordpress admin panel is to make it accessible only from certain IP addresses, ideally your home and work IP addresses. You can do that by placing a .htaccess restriction in your wp-admin folder.

Place the following .htaccess file in your wp-admin folder. DO NOT REPLACE/EDIT THE .HTACCESS FILE IN THE ROOT FOLDER OF YOUR BLOG.

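# Apache 2.2 syntax (on Apache 2.4 these directives need mod_access_compat)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# No <Limit> wrapper: the rules apply to every HTTP method, not only GET
order deny,allow
deny from all
# whitelist home IP address
allow from xxx.xx.xx.xx
# whitelist work IP address
allow from xx.xx.xx.xxx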

source.

Note that this will prevent every other IP address from accessing your Wordpress admin panel. If your ISP assigns dynamic IP addresses, you may find yourself locked out, and if you move house or change ISP you will have to edit the file again.
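A small audit script for rules of this kind, added here as an example and not part of the original post or its source: it reports which HTTP methods the deny rule leaves uncovered, flags whitelist entries that are not valid addresses (such as placeholders that were never replaced), and checks whether a given client IP would be let in. It assumes the `order deny,allow` layout shown above; the function names and sample addresses are made up for illustration.

```python
import ipaddress
import re

# Methods checked; Apache treats HEAD as covered whenever GET is listed in <Limit>.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}

def audit_htaccess(text):
    """Audit Apache 2.2-style 'order deny,allow' rules (assumed layout)."""
    allowed, invalid, covered = [], [], set()
    scope = None  # None: outside <Limit>, so the rules apply to every method
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.lower().split()
        opening = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if opening:
            scope = {m.upper() for m in opening.group(1).split()}
            if "GET" in scope:
                scope.add("HEAD")
        elif re.match(r"</limit>", line, re.I):
            scope = None
        elif words[:3] == ["deny", "from", "all"]:
            covered |= METHODS if scope is None else scope
        elif words[:2] == ["allow", "from"]:
            for token in line.split()[2:]:
                try:
                    allowed.append(ipaddress.ip_network(token, strict=False))
                except ValueError:  # placeholder, hostname or partial IP
                    invalid.append(token)
    return {"allowed": allowed, "invalid": invalid,
            "unprotected": sorted(METHODS - covered)}

def is_allowed(client_ip, report):
    """True if client_ip falls inside any whitelisted address or range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in report["allowed"])

# Constructed sample using documentation-range addresses, not real ones.
SAMPLE = """
<Limit GET>
order deny,allow
deny from all
allow from 203.0.113.10
allow from 198.51.100.0/24
allow from xxx.xx.xx.xx
</Limit>
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

Hostnames and partial addresses are valid in `allow from` but are reported as invalid here, since the script only accepts full IP addresses and CIDR ranges.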
