#1 – Secure your login screen
Sometimes I feel like a broken record, but the reality is that making sure your username + password are secure is a great weapon in the fight against hackers. It doesn’t mean you have to use a 36-digit password that’s a random string of characters, numbers + letters like I do (although it certainly isn’t a bad idea). Picking something that WordPress labels as strong is a great choice + will only set you up for success instead of heartbreak.
#2 – Create a maintenance plan
The other big component of keeping your site secure is keeping it up to date. That means you’ll want to create a maintenance plan to tackle the updates so they don’t sit there waiting for you for months + months.
Some site owners are ok with running updates whenever they see them. Others like to set aside a specific day of the month (e.g. the last business day or every 21st) to spend an hour taking care of all WordPress, plugin + theme updates. It’s about finding what you’ll stick with, because that’s the only plan that will work.
#3 – Prevent brute force attacks
A bonus tip for keeping your site safe is to put the kibosh on the most common type of hack that WordPress sites experience – a brute force attack. Essentially it means that a computer script is used to test hundreds or thousands of login details on one site in an hour.
Not only are brute force attacks bad in that they could lead to being hacked (if your login info isn’t super secure) but they are also bad because they are a drain on your server. This could lead to your site going down because of the volume of page loads (depending on your server).
The best way to protect yourself, if your hosting company doesn’t do this for you, is by installing a single brute force protection plugin. These plugins make it so that you can only try a certain number of times to log in before your IP address is blocked for a specific amount of time. (As the site owner, you get to set the limitations once the plugin is installed.)
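Here is that lockout rule written out as code. This is an added example, not taken from any particular plugin; the three setting names and their values, the `LoginLimiter` class and the sample IP addresses are all made up for illustration.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 5        # failed logins allowed inside the window (assumed setting)
WINDOW_SECONDS = 600    # how far back failures are counted (assumed setting)
LOCKOUT_SECONDS = 1800  # how long a blocked IP stays blocked (assumed setting)


class LoginLimiter:
    """Hypothetical per-IP limiter: count recent failures, then block for a while."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record(self, ip, now, success):
        """Process one login attempt; return 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"  # rejected before the password is even checked
        if success:
            self.failures.pop(ip, None)  # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_ATTEMPTS:
            self.blocked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


def replay(events):
    """Run (seconds, ip, password_correct) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.record(ip, t, ok) for t, ip, ok in events]


# Constructed sample: 203.0.113.9 guesses once a second, 198.51.100.4 is an
# owner who mistypes once, then the first IP comes back during and after its block.
SAMPLE = (
    [(t, "203.0.113.9", False) for t in range(7)]
    + [(10, "198.51.100.4", False), (20, "198.51.100.4", True)]
    + [(1000, "203.0.113.9", False), (1805, "203.0.113.9", False)]
)

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Once an IP is blocked, even a correct password is turned away until the block expires, which is why it pays to pick limits you can live with yourself.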