Keep Your Versions Updated:
- Make sure your WordPress version, plugin versions, and themes are updated regularly.
Beef Up Your User Names & Passwords
- Never use the user name or password “Admin”. Surprisingly, people still use it. Make your user name unique, for example “Big Cat 6487”, and your password long, include symbols, uppercase and lower case letters – example: 1%LKJoiJLjlhiugifghfkjgluf6546#4#4&!. Yes, you will need to copy and paste into the password field.
Lock Down Your File Permissions
- Your hosting company or developer will need to do this for you.
Use Trusted Security plugins
- When choosing plugins, make sure you read the reviews, see how often they’re updated, and make sure they are compatible with your version of WP. Always buy a paid version if possible.
Use an SSL
- An SSL (the green lock on the address bar) is necessary to encrypt data sent from the website. Data such as, forms, emails, file uploads, and more. This is a must have in today’s environment.
Use top hosting providers (avoid shared hosting if possible)
- Make sure your hosting company has the resources to combat modern threats, updates its server software regularly, and has protocols in place to repair a website if it was hacked. Shared hosting is fairly inexpensive ($200 yr), but if you can afford around $800 a year for good VPS hosting, you should do it.
There are many additional items that need to be implemented to get a website to a high security rating, but the above six are a good start.