Securing Your WordPress Site

Keep WordPress Safe

1. Keep everything updated - WordPress core, themes, and plugins. Most hacks exploit outdated plugins.
2. Use strong admin passwords and a unique admin username (not admin).
3. Limit login attempts with a security plugin (Wordfence, Limit Login Attempts Reloaded).
4. Remove unused themes and plugins - less code means less risk.
5. Enable SSL so logins are encrypted - see Enable Free SSL.
6. Take backups - TackHost runs weekly server backups, but keep your own too.

If your site is already compromised, see What to Do If Your Website Is Hacked.