Security is the most neglected part of a WordPress site. Many only think about it when it’s already too late, or when their sites are already hacked or infected with malware. To avoid being one of these people, take security seriously. Good security costs almost nothing (there are free plugins) to fully protect your site against attackers and malicious software.
Use the WordFence plugin
With so many good plugins (both free and paid) available on the market, we recommend the Wordfence Security plugin. Check the How to Configure Wordfence Security Plugin for WordPress tutorial for a quick start.
Keep plugins up to date
We all know that WordPress wouldn't be as effective without its plugins. We all use them and it is thanks to them that we can save a lot of time we would otherwise be using building everything from scratch. All you need to do to keep your site safe is to remember to keep all your plugins up to date. If you aren’t using a plugin anymore, just deactivate (or remove) it, but never leave a plugin outdated. It's the easiest way to give any potential hacker access to your site.
Other good practices
The Wordfence Security plugin gives you the ultimate online protection and security. If this plugin detects any potential security issues you will be immediately notified about it. But it can't detect and solve all of them. Some of these issues are caused by human nature, so we also recommend that you stick to the following rules:
· Don't give the admin access to just anyone
· Make sure that users with access to your site have the appropriate access level
· Use the strongest passwords (Wordfence has an option to use strong passwords, make use of this!)