Below are the ways you should follow to secure your WordPress website from hackers.
1) Keep your WordPress website updated
Keeping WordPress updated is the 1st thing you should always consider. Outdated wordpress versions may have some vulnerabilities and Bugs which might have been fixed in the newer version. Always keep your WordPress version, Plugins and themes you are using in your wordpress website. Keeping WordPress updated helps in improving your website speed.
Always take a BACKUP of your website before upgrading your wordpress version, sometimes your themes and plugin may not work in newer version of WordPress
2) Hide your Login Page
Login page is very important when a hacker wants to get access to your WordPress website. Without login page hacker won’t be able to login into your website even if he sometimes get your website Login credentials. Hiding your login page will minimize attacks which are carried on Login page to get access to the Admin panel of the website
You can use WPS Hide Login which is FREE and it works good
3) Use Brute force protection
Brute force is an attack which is carried on the login page using COMMON username and password combination to bypass the admin page, i.e to get the working login details. As mentioned above how much it is important to hide your Login page, Brute force protection is also necessary for ALL websites. It is important to use Login Limits to minimize brute force attacks
You can use Loginizer which is FREE and it provides good protection from brute force attacks
4) Never use Easy Usernames & Passwords
Using a common Usernames & Passwords is NEVER recommended. Even if you have used brute force protection, there is still chances that hacker will try brute force and can use Easy Usernames & Passwords combinations which are used widely. Example : Click here to find common usernames & passwords. Never use SAME passwords on all website like facebook,gmail,yahoo,etc. Always use a different and Complex passwords for every website
5) Never use Nulled Plugins/Themes
Nulled themes/plugins are hacker’s BEST FRIEND. No one ever will work for FREE giving their time and dedication to provide paid plugins/themes for FREE. There are mostly Backdooor/Malware inserted into files of the plugin/theme which are mostly hidden. Using Nulled plugins/theme will automatically give access of your website to hacker once you start using it. Even if the theme/plugin is NOT ACTIVE, still hacker will have access to your website
6) Secure your Admin “email” of website
Never share your email which is used as Administrator email of your wordpress website with anyone. Always use a Strong password for all your accounts and websites.
7) Two Factor Authentication
Using Two Factor Authenticatin helps to provide an extra security layer to your wordpress website. You can use Google Authenticator which is a WordPress plugin that operates via an app installed on your Android/iPhone/Blackberry. The plugin generates a QR code which you can scan with your mobile device or you can enter the secret code manually.
8) Use Secured Hosting
This is a MUST thing which should be considered before choosing hosting.
This is because even if your website is Secured but the server where your website is hosted is Vulnerable, can be compromised and which will directly affect your website too.
HostatHash provides Secured hosting around the globe in affordable rates without any other security charges. Packages starts from 500inr/yr ($8/yr)
Final words : No one can assure 100% security of website but there are measures taken to minimize and block attacks. This 8 things are MUST if you want your website to be secured