- Always keep your plugins and themes up to date
It is important to update plugins, themes and your server software as often as possible to keep everything up to date and secure. The main reason this makes such a big difference is that every new release of WordPress, themes, plugins and server software has tons of new security updates with the latest protection possible against hackers and known viruses. If you keep everything up to date, you will have minimal problems with hackers and viruses affecting your WordPress website or blog.
- Use a secure password
If you take your WordPress security seriously, you should not use a password that you have already used on any other account, site or other password-protected service you own or are a member of. This is because if any of those gets compromised, your WordPress site is instantly vulnerable as well.
If your WordPress administrator password is anything like ‘letmein’, ‘abc123’, or ‘password’ (all way more common than you might think!), you need to change it to something secure as soon as possible.
- Disable file editing via the dashboard
In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard.
The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.
So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
- Download plugins properly
Never download a plugin or a theme from warez, torrent or file-sharing sites. The content on these sites can be disguised as a plugin or a theme, but it will harm your site when uploaded to your server.
- Don’t Show WordPress Version on Your Blog
The specific WordPress version that you are using can give the attacker an upper hand in finding a way to break in.
- Use security plugins
There are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked.
- Don’t use ‘admin’ as username
Anybody who tries to get into your WordPress admin section will try ‘admin’ as a username. If you change it, a potential hacker has to hack both the username and the password.
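The following Python audit is an added example, not part of the original article. It checks two of the tips above: whether `wp-config.php` really sets `DISALLOW_FILE_EDIT` (catching a commented-out line, a `false` value, or typographic quotes pasted from a web page, which PHP does not accept as string delimiters) and whether a page still announces its WordPress version in the default generator meta tag. The function names and the sample inputs, including the version number, are constructed for illustration.

```python
import re

QUOTES = "'\"\u2018\u2019\u201c\u201d"  # straight quotes plus typographic ones
DEFINE = re.compile(
    rf"define\s*\(\s*([{QUOTES}])DISALLOW_FILE_EDIT([{QUOTES}])\s*,\s*([^)]+?)\s*\)",
    re.IGNORECASE,
)
GENERATOR = re.compile(
    r"<meta[^>]+name=[\"']generator[\"'][^>]*content=[\"']WordPress\s*([\d.]*)[\"']",
    re.IGNORECASE,
)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments (inline comments are kept)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def check_file_edit(wp_config_src):
    """Return 'ok', 'missing', 'disabled' or 'typographic-quotes'."""
    m = DEFINE.search(strip_php_comments(wp_config_src))
    if not m:
        return "missing"
    if m.group(1) not in "'\"" or m.group(2) not in "'\"":
        return "typographic-quotes"  # copied from a web page; PHP will not parse it
    return "ok" if m.group(3).lower() in ("true", "1") else "disabled"

def exposed_version(html):
    """Return the version in the generator meta tag, 'unknown' if blank, None if absent."""
    m = GENERATOR.search(html)
    if not m:
        return None
    return m.group(1) or "unknown"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real site.
    samples = {
        "hardened": "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
        "pasted": "<?php\ndefine( \u2018DISALLOW_FILE_EDIT\u2019, true );\n",
        "commented": "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n",
        "disabled": "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n",
    }
    for name, src in samples.items():
        print(f"{name:10} -> {check_file_edit(src)}")
    page = '<head><meta name="generator" content="WordPress 6.4.2" /></head>'
    print("generator tag exposes version:", exposed_version(page))
```

Run it against your own `wp-config.php` contents and a saved copy of your home page; any result other than `ok` and `None` means the corresponding tip has not taken effect.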