Some tips on keeping WordPress secure
â€¢ Change your passwords often, and use long passwords with letters and number.
â€¢ Keep your software up to date.
â€¢ Don't install themes and plugins from sources you don't know.
â€¢ Delete plugins you aren't using.
â€¢ If you have an SSL certificate, connect to your WordPress admin login using HTTPS.
â€¢ Consider two-factor authentication.
â€¢ Don't use Adminâ€ for your administrator login (this is the first login name hackers try to crack).
â€¢ Back up your site regularly. Your host is not responsible for 3rd party software you install.
â€¢ Protect your WordPress site using .htacces which is an access configuration file that controls the directory in which it is placed and all sub-directories.
â€¢ Install a plugin to monitor your WordPress core files and traffic (and don't forget to read the logs).
â€¢ Change the database prefix from "wp" to anything else (hackers know what the default prefix is).
WordPress is so popular that they have a plugin for almost every custom work we use to do in a CMS. WordFence can do a variety of work using an admin UI to secure your wordpress installation. It has login security, firewall and monitoring options.