#1 Keep WordPress Themes and Plugins Updated
This seems like a no-brainer, but I cannot tell you how many times I log into the admin of a client's WordPress website and see many pending updates. We hear about vulnerabilities in certain themes and plugins each month. Many of them are updated by their developers regularly. If you don’t update old plugins or themes, you might get hacked. If you have multiple websites, you may want to rely on solutions such as ManageWP to handle the updates.
#2 Move your wp-config file one level up
Moving your wp-config.php file one directory up is a good practice (some argue it is not, but I disagree). Make sure you get the permissions right.
#3 Monitor user activities
Knowing what happens in your community and who may be trying to hack it is very important. You will always have a better chance of figuring out what is going wrong when you can refer to activity logs.
#4 Monitor file changes
Certainly not all hack attacks happen overnight. Sometimes, hackers take weeks to implement their plan. By monitoring file changes on your website, you will be able to catch them before they can do real damage.
#5 Backup your website
This is a no-brainer. Disasters happen all the time. If you do not have your file backups stored offsite, you are going to have a difficult time bouncing back. VaultPress is a great backup solution for WordPress. These online backup tools can also get the job done well.
#6 Follow basic & best practices
Many articles have been written on simple steps you can take to make WordPress secure. Even if you don’t have time to keep up with WordPress security articles, you can use security plugins to help you figure out the weaknesses of your site.
#7 Limit login attempts
Attacks are not always sophisticated. But you should not let hackers mess with your login page. Using a plugin to limit login attempts is the least you can do to keep strangers out.