• In steps to secure WordPress website While we are using WordPress avoids the use of default WordPress “admin” user. Steps to secure WordPress website Always use unique secure admin username and as much as possible complex password, preferably with an unusual combination of letters, numbers and special characters.
  • It happened most websites are compromised when the core files or plugins are out-of-date. There need to pay attention when WordPress community or any developers announce updates related, and make sure you have the latest versions on your site.
  • As there is a need to use a plugin for extra functionality but do not overdo plugin installation. Install only essential plugins, and read their reviews so you know which are from trusted sources.
  • Most of the time, hacked websites are those which are using an older version of WordPress. Older versions of WordPress seems to always have a few known security issues. And it exploits for these security issues are available for free. Even a kid can make attempt & can hack your website if it is running on a vulnerable version of WordPress.
  • Always keep all plugins and themes added in your blog updates to the latest version. New versions always come with many new features and security fixes. So, regular updating plugins and themes are necessary. Most of the time it happened that, these third party plugins & themes are the victim for vulnerability in WordPress websites. Attackers can exploit these plugins only to gain access to your website or inject malicious script on your WordPress website.
  • Download plugins & themes only from trusted sources. Nulled plugins and themes from untrusted sources normally contain malware in the code file. If you want to check try to install any security plugin, you will be notified, but why to take such risk. Advice is to avoid such unknown sources for download plugins & themes.
  • The default username of administrator is “admin” so keep avoid using the administrator default username ‘admin’ because this is the default and common. By using this default username in your blog, you are unknowingly helping the attackers. He/she does not need to guess the username in this situation, just brute force your WordPress website for this username admin.
  • Always use as much as the strong password for your WP account. WordPress brute-forcing tools are freely available. So, do not take such a risk. Use a long password with a combination of capital letters, small case letters, numbers, and special characters. A combination of these makes your password strong which is hard to guess.

Some more you can try

1. Limit login attempts

2. Employ two-step authentication

3. Choose a custom table prefix

4. Set correct file permissions

I hope it will help many your comment are appreciated.