Remove the default admin account – Hackers need two pieces of information to get into a website. The default admin account already gives them the username, now all they have to do is brute force attack to get the password. Although brute force attacks will automatically be blocked by our firewall, hackers often use many IP addresses to carry out attacks.
Use secure passwords – Using passwords with at least 10 characters with upper and lower case, numbers, and special characters will ensure that your account is secure.
Use published and verified content – We have seen some sites that offer pirated themes and plugins that are infected. Once they get a hold of your site, they modify the database. Since all of the changes can’t be verified, best practice states that the website must be restored from a backup or completely rebuilt from the ground up. This is a very serious problem and could result in hundreds or thousands of dollars for a web designer to redo your website.
Keep WordPress up-to-date – As with any software, WordPress, themes, and plugins will always have vulnerabilities. Every new release usually contains several fixes to patch these, as well as performance improvements.