Last two weeks I received mails requesting for how to secure a wordpress site, but also my WordPress site have once gotten hacked but now I would be given some tips to get your wordpress site secured:
This is the first factor to be considered because not all not all web hosting providers are created equally so when choosing a hosting for your wordpress don't go for the cheapest you found just make sure you make research that it is a well organized and established web hosting. I can suggest you use IFast Hosting.
2.Use of Strong Passwords and Admin Rights
Recently, from wordpress version 3.0 there is an update to create an admin account automatically after successful setting up of a wordpress site. This admin account can give hackers access into your wordpress site if probably you don't have a strong password for it, but it is advisable you create a New User with administrator right and use the created account to delete the admin account.
Note that after creation of another administrator account your password must not be so simple like"admin123","signmein"but it should be a strong password easy for you to remember but very hard to crack.
3.Keep Up to Date
There is an update tab in your wordpress dashboard to let you know when an update is available for WordPress, themes or any plugins. Just amke sure you update them updated as this would increase your level of security.
4.Limit logins Attempt
You need to limit your number of login attempts by allowing cookies and choosing remember me when you are about to sign in to your WordPress Dashboard. There is a plugin called Limit logins attempt that can enables you to limit your number of login atttempts.Learn how to install the Limit logins attempt Plugins here.
The Plugin also allow you to auto ban any IP that is decteted trying manny login attempts.
5.Monitor for Malware
It would be impressive if you have some kind of system in place to constantly monitor your site for malware. How you monitor is virtually important, just make sure you select a method that can actually dive into your file structure and detect deep breaches. Once any malware is decteted make sure you take action to get it removed as soon as possible.
6.Keep a Backup
It is very esssential to keep a backup of your wordpress site as something unexpected might happen that can expose your site to attacks even with your high level of security. Plugins like WordPress Backup to Dropboxcan help you in backing up your wordpress site automatically as you schedule it.
7.Hide your username from Author Arhive url and Public
Another person shouldn't know your username and it shouldn't be included in your Author Biography.
Wordpress displays your username in the URL of your author archive page by default. e.g. if your username is hiideemod, then your author archive link would be www.yoursite.com/author/hiideemod. It is necessary you change this also.
8.Use few Plugins
If you are a wordpress user that have many plugins on your site, the warning for you is to delete plugin you are not using at all as it may serve as hideout for your site attack. Also, use plugins from trusted Source and Authors
9.Avoid Free Themes
Not all site offering free themes are to be trusted as they may include any script inside the theme that can expose your site to attack. It is advisable you get paid themes and enjoy world of bllogging.
10.Make Use of Security Plugins
Most of the security plugins gives more maintenance and gives you more hints on what to do to protect your wordpress site. Below are some of the Plugins:
-iThemes Security (formerly Better WordPress Security)which offers wide range of security features.
-All in One WP Security&Firewallto add a firewall to your wordpress site.
-BulletProof Securityto protect your site via .htaccess.
-Sucuri Scannerto Scan your site for Malware.
-Exploit Scannerto search your database for any suspicious code.
-WordFenceis a full featured security plugin.
Hope this helps don't forget to share with your audience on social networks.