Hackers are the vandals of the Internet. They get their kicks by defacing and wreaking carnage on your property, in this case, your website. That they ruin your hard work is bad enough, but when that results in a loss of income, it can be soul-destroying.
Just as a burglar will take advantage of an open window or a car thief will steal an unlocked car, a hacker will destroy your WordPress website if you give him half an opening.
Tips to Beat The Hackers
1. Find a Good Host
It all starts with your web host because that’s where your site data is stored.
Look for top-class technical support and ask a few questions before you commit.
The answers you get to questions such as “How can I make my WordPress site more secure?” will tell you a lot about the attitude the support team has to security.
The screenshot above from LCN gives you an idea of what a good host should include for free.
Avoid no-name hosts that you can find no mentions of on review sites because they may be know-nothings who are just acting as resellers for one of the big companies. However, beware of big-name companies, too, because they often get poor reviews and have low customer satisfaction ratings.
2. Set Strong Passwords
Strong passwords are the locks on your system. Nobody would ever fit a bedroom door lock to your front door, yet people do use simple passwords on their web accounts.
The longer your WordPress password is, the less likely that a password guessing machine will ever hit on it, especially if it includes non-alphanumerical characters and numbers as well as lower and upper-case letters.
Your WP password must be unique. If you use the same password as you use for your Company Z shopping account and Company Z is hacked, then the hackers have your WordPress access password and can wreak havoc on your content. Try Magic Password.
3. Install a Security Plugin
You need a premium security plugin. The difference between free and paid versions is immense, and premium plugins only cost a few dollars a month.
Any premium security plugin will have multiple setup options that make things look complicated. The default options will work for most people and are certainly better than having no protection at all. If the plugin suggests doing something, do it.
4. Check for Updates
Check your WordPress dashboard for updates every day. Plugins, themes and the core WordPress software are updated for a good reason. Often the updates are there to plug security loopholes that have been found.
5. Make Backups
Every update risks crashing your site, but postponing updates and doing them once a month is not a secure option. Backing up your entire website is a pain in the butt, so you need to make it quick and straightforward to do. Backup plugins exist, but the fastest way to a one-button backup is to install a premium backup plugin such as Updraft Plus.
6. Check Your WordPress Settings
Uncheck the ‘Anyone can register’ box in your Settings – General screen. If you must check it, then set the default user role to ‘Subscriber.’
7. Use a CDN
A free CDN (content delivery network) helps to speed up your website, but as soon as you start looking at a CDN monthly subscription model, the security features increase. Some will mitigate DDoS attacks and reduce the chance of hackers stealing your customer data.
Long Story Short
Improving WP security can be done for free. If you buy a couple of low-cost plugins you can fix every issue you will come across without seeing a line of code.
Every article you read tells a similar story: WordPress security is good, but you can make it better. The next step after following the advice here is to check out this WPArena article which goes into much more detail and walks you through improving your WordPress security step by step.