HOW TO SECURE YOUR WORD-PRESS SITE
How to secure your WordPress site
WordPress sites are still being attacked daily. To avoid being a victim, here are some important steps you need to take.
▪ Use very strong passwords. I cannot state this too many times. Don't use simple passwords. Hackers would always use various combinations to guess your password and if your password is in any dictionary, you have just made their job a whole lot easier. Your password should be at least 8 characters long with a mix of upper and lowercase letters, numbers and special characters
▪ Don't use admin username. Is the username of your administrator admin? Most WordPress users maintain the default username. This is a security risk as most hackers simply use this default username and try guessing the password. If you are still using "admin", create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. This shouldn't take up to 5 minutes.
▪ Update WordPress. WordPress always releases security updates to plug security holes that may exist so always ensure you update your WordPress installation and your plugins too.
▪ Install a security plugin. There are several plugins that can help increase the security profile of your WordPress site, such as Better WP Security or WordFence.
▪ Consider CloudFlare or SiteLock. You may signup for a free CloudFlare account and then route all traffic to your site through CloudFlare services.
SiteLock also offers a similar service which blocks out suspicious traffic. SiteLock however offers the additional advantage of scanning your site and removing malware if you do get infected.