2. Create complex long passwords using letters, numbers and various characters

According to statistics, the most commonly used passwords are “123456”, “password”, “12345678”, “qwerty” and “123456789”. Naturally, sites with such passwords do not last long. It’s good if your password is not a dictionary word, it will have at least 15 characters, including lowercase, uppercase letters, numbers, and symbols.  

3. Use two-factor authentication

For example, using the Rublon plugin or any other – the choice is wide enough. Two-factor authentication provides more reliable protection against unauthorized access and is already familiar to many users who use Internet banking, Google services, iCloud, DropBox, etc.

4. Be sure to turn off the prompts in the WordPress login form

After all, you know your username and password even without hints, even if you make a typo. And to the attacker, this information will only simplify the task of hacking. To do this, add a few lines of code to the functions.php file.  

5. Use plugins only downloaded from the official WordPress repository

In an extreme case, with well-known proven resources such as CodeCanyon, GitHub always have positive user reviews. Never install hacked plugins downloaded from warez. Of course, if your site is dear to you.

 

6. Timely update WordPress, themes and plugins to the latest versions

Developers regularly release updates that close all discovered vulnerabilities. Current versions not only improve WordPress performance and compatibility but also significantly reduce the chance of hacking your site – this is a fact.  

7. Keep your WordPress clean

Never store unused plugins and themes on the server. As a last resort, archive.  

8. Disable trackbacks

There is little benefit from them, but they will certainly bring you troubles. Using WordPress trackbacks, cybercriminals can generate massive requests from such sites for the victim site, thereby causing a massive DDoS attack. Just go to your WordPress discussion settings and uncheck “Allow alerts from other blogs (notifications and trackbacks) to new articles.   

9. Set the correct permissions for all files and directories on your site

For directories, this is 755, for files, 644. You should be aware that giving permission to a file/directory to write (or worse still full access – 777 ), you expose your site to a serious threat. You can learn more about rights in the WordPress Codex.  

10. Prohibit viewing the directory index of your site

Very often, a crookedly configured server in the absence of index.php or index.html files in the directory displays a list of directory files. Attackers can take advantage of this. To avoid this, add the line in .htaccess. Also, make sure that the wp-content/themes and wp-content/plugins directories have an empty index.php file.