WordPress is already a very secure platform but it is also the target to a lot of attacks because of its popularity. Security has been covered in great detail by the resources below, but here’s our top recommendations.
Secure passwords should be over 8 characters and include numbers and symbols. We know it’s a pain! Services like LastPass and 1Password can help. Or if want to use a simple password, enabling 2 Factor Authentication (2FA) will add enough security that a simple password is fine. We recommend Google Authenticator and WP Google Authenticator.
You know this already, but having a backup is the best way to recover from an attack. Malware can be cleaned up, but it’s better to use a backup. Here’s an easy way to backup WordPress.
WordPress core should already be setup to update minor versions automatically. The Core team releases fixes really quickly so it’s important to make sure that setting is set.
Plugins and themes are also important to update often. A lot of attacks focus on out of date plugins. As a side note, you should only use reputable plugins and themes. Do some research on a plugin before you install it.
Good hosting might be the most important thing on this list. You want to find a hosting company that keeps their servers up to date and follows the hardening recommendations for hosting WordPress sites. The Hosting WordPress[https://codex.wordpress.org/Hosting_WordPress] guide has lots of good info if you want to do it yourself.
If want to dig deeper here are a ton of resources to take a look at.
Hardening WordPress – Basic steps you should consider to make your site more secure.
Hosting WordPress – If you’re hosting is yourself on a VPS, this guide will get you started on securing the server.
Ultimate Guide To WordPress Security– A really in depth look at security with a bunch of good recommendations.
WordPress Security – A high level look at why WordPress sites are targets and the top attacks people use.
These are recommended by the WordPress Hardening Guide.