The number of WordPress sites that get hacked every day is measured in thousands! Most of those incidents can be easily prevented with just a few preventive actions. Implementing the following improvements won’t take more than a few minutes and will greatly decrease the chance of your site getting hacked.
Use a decent FTP password
It’s futile to protect WordPress if your FTP password is “jane1234”. Preferably generate a strong password in cPanel, or, if you want something that you can remember, just make sure it’s not a word from the dictionary.
Use a decent WordPress password
Yes, it’s obvious but this remains one of the most common security issues! We know you want something easy to remember and type in but it can’t be “god1234” because that’s not a password!
Don’t use “admin” username
There’s no reason to use the “admin” or “administrator” username. You can use anything else, and “admin” is the first thing bad guys check. Don’t make their job any easier than it already is.
Keep WordPress core, plugins and themes up to date
No, seriously! Update everything! “But the new version will break my …” – yes, maybe it will but using ancient versions of core/plugins/themes will get you hacked. No ifs. It’s just a matter of time.
Properly configure wp-config.php
Check if all security keys and salts have been populated with unique values. Make sure all debugging is disabled as well to prevent displaying any sensitive data.
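The check above can be scripted. The following is an added example, not code from the original article or from WordPress: it scans the text of a wp-config.php file for the eight standard key and salt constants and the WP_DEBUG flags. The function name `audit_wp_config` and the sample file contents are constructed for illustration.

```python
import re

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
DEBUG_FLAGS = ("WP_DEBUG", "WP_DEBUG_DISPLAY", "WP_DEBUG_LOG")
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php

# Matches define( 'NAME', 'string' ) and define( 'NAME', true|false ); PHP comments are not parsed.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(true|false))\s*\)""",
    re.IGNORECASE)

def audit_wp_config(text):
    """Return a sorted list of findings for the contents of a wp-config.php file."""
    values = {}
    for name, single, double, boolean in DEFINE_RE.findall(text):
        # PHP keeps the first definition of a constant, so do the same here.
        values.setdefault(name, boolean.lower() if boolean else (single or double))
    findings, seen = [], {}
    for key in KEYS:
        value = values.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value in ("", PLACEHOLDER):
            findings.append(f"{key}: empty or default placeholder")
        elif value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        else:
            seen[value] = key
    for flag in DEBUG_FLAGS:
        if values.get(flag) == "true":
            findings.append(f"{flag}: enabled")
    return sorted(findings)

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define( 'AUTH_KEY',         'constructed-sample-value-1' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'constructed-sample-value-2' );
define( 'NONCE_KEY',        'constructed-sample-value-1' );
define( 'AUTH_SALT',        'constructed-sample-value-3' );
define( 'SECURE_AUTH_SALT', 'constructed-sample-value-4' );
define( 'NONCE_SALT',       'constructed-sample-value-5' );
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', false );
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

An empty result means all eight constants are set to distinct, non-default values and none of the debug flags is switched on.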
Remove unnecessary info about the site that helps hackers
This includes detailed WP version info in the HTML head as well as the EditURI link and Windows Live Writer links. XML-RPC endpoints should be removed as well if you’re not using them, as should files such as readme.html that contain detailed WP version info.