Keep your software up to date
Ensure you are using the most up to date version of WordPress, currently 4.6.1. If using an older version, you should upgrade immediately.You may use a free tool like Sucuri’s Site Check to check whether your site is secure. If action is needed thereafter an expert can check your website and advise on what is needed to resolve the issue. It is vitally important to keep any other themes, plugins etc up-to-date too. Attackers continually target popular website software, and therefore programs need to be updated to patch security holes. Its advisable to stay up to date with hacking threats and use the information you find to put fresh precautions in place when and where necessary. By default, WordPress will apply security updates, but plugins and themes need to be updated regularly by you or your website administrator.
Use strong passwords
Strong passwords are a must. Attackers can use software that use brute force to crack passwords. To protect against this passwords should be complex and not obvious to guess. Use information that contains uppercase letters, lowercase letters, numbers, and other special characters. It is best for passwords to be at least 10 or more characters long. Restricting IP access and limiting login attempts is also advised. You may also double the number of credentials needed to log in to reduce the number of password guesses which in turn, makes the attacker’s work harder.
Use a reputable and secure host
It cannot be stressed enough but a reputable web hosting company is extremely important. Choose a host that offers ongoing technical support whenever necessary. It should also be a security-focused company focused on keeping your website secure and also offer a backup service to make it easy to restore your website if your site is hacked. Do not just rely on their back up but back up your own site regularly too. You should maintain backups of all of your website files and database in case your site becomes inaccessible or your data is lost and your host is not able to produce the version copy you need.
Encrypt your login pages
If you use SSL encryption on your login pages it allows sensitive information such as credit card numbers and login credentials to be transmitted securely. All information added to a page is encrypted, making it’s meaningless to any third party who might see it.
Keep your website clean
Every database, theme or plugin on your website is another possible point of entry for attackers. You should, therefore, remove any files, databases, etc from your website that are not in use. If you keep your file structure organized it will help you keep track of changes and make it easier to remove old files.
Secure your server
Ensure that all WordPress files and folders have proper permissions and ownership; this basic step is often not performed. Applying these controls can stop the attacker’s ability to upload malicious files and execute code that can compromise not only your website but your server too.